Donate for the Cryptome archive of files from June 1996 to the present

16 December 2012

US Army TEMPEST Technical Security

Related: http://cryptome.org/nsa-tempest.htm


http://www.dami.army.pentagon.mil/site/TechSec/TEMPEST.aspx

To prescribe policies, procedures, and responsibilities for the Department of the Army (DA) to evaluate and control compromising emanations (TEMPEST). The procedures implement national-level and DOD policies to protect information from foreign intelligence collection. It requires that the application of TEMPEST countermeasures be proportional and appropriate to the threat and potential damage to national security. It explains the selection, training, utilization, and operational requirements for appointment of an Army certified TEMPEST Technical Authority (CTTA) and provides Army protected distribution policy.


PDS's - National Authorities

NSTISSI 7003, Protected Distribution Systems (PDS)

AR 380-27, Control of Compromising Emanations

Army Regulation 380-27, Control of Compromising Emanations

Responsibilities

  • Roles and Responsibilities of the Army Commands, Army Service Component Commands, Direct Reporting Units
  • Army endorsement of National Security Doctrine
  • Army Certified TEMPEST Technical Authorities (CTTA)
  • TEMPEST Countermeasures Review
  • INSCOM role in Army TEMPEST program
  • Protected Distribution Systems
  • Revised AR 380-27 focus is on the customer and need for TCR
-Status: Published on 19 May 2010, effective date 19 June 2010

AR 25-2, Information Assurance

AR 380-5, Department of the Army Information Security Program


PDS's-Requirements

Definition

Wire line or fiber-optic distribution systems used to transmit unencrypted classified national security information through an area of lesser classification or control.

Is It Required?

Does an unencrypted RED wire line or fiber-optic line pass through an area of lesser classification?
  • If the area is all cleared and controlled 24/7 to the same level, no PDS is required.
  • If the information is encrypted, no PDS is required. (Compare costs. Encryption devices may be more cost effective than a PDS.)

PDS Requirements

1. PDS terminal equipment should be installed in a CAA.

2. PDS should not be concealed.

3. Employees should be aware PDS exists.

4. Directions for maintaining PDS security should be posted.

5. Un-cleared personnel who require access to PDS must be monitored continuously.


PDS- Approval Authorities

The DAA is the final PDS approval authority.

Per NSTISSI 7003 and AR 380-27, the DAA can decide, based on a risk management decision and a risk assessment from the CTTA, to disregard the requirements of NSTISSI 7003, Annex B.

Installation NEC is the final authority for SIPRNET connectivity.

Information Security

-Enforce provisions of AR 380-5 pertaining to SIPRNET terminal equipment.

CTTA is the final authority for TEMPEST requirements for PDS.


PDS - Simple or Hardened

Simple PDS

Hardened PDS

Reduced level of physical
security protection
- Data cables should be
installed in a carrier

- Carrier can be constructed of
any material (wood, PVC, EMT,
ferrous conduit, etc.)

- Joints and access points
should be secured and
controlled by cleared personnel

- Carrier must be inspected IAW
requirements of NSTSSI
7003, Table B-2

Significant physical security
protection
- Hardened Carrier

- Alarmed Carrier

- Continuously Viewed Carrier

Raceway products and Armored
fiber-optic have not been
approved for hardened PDS
without modification

Table B1, Annex B of NSTISSI No. 7003, provides a PDS Installation Matrix that helps the DAA determine if the PDS should meet the security requirements for a hardened or for a simple PDS.


PDS - Carriers

Hardened Carrier

  • Install data cables in a carrier.
  • Construct carrier from EMT, ferrous conduit or pipe, or rigid-sheet steel ducting.
  • Permanently seal all connections.
  • If buried, install at least 1 meter below the surface.
  • If suspended between buildings, elevate at least 5 meters.

Alarmed Carrier

  • Approve alarm system through cognizant COMSEC and/or physical security
  • Verify alarm system performance IAW NSTISSI 7003, Table B-4
  • Ensure security personnel will respond with 15 minutes
  • Provide for inspection to determine cause of any alarm
  • Define action if transmission terminated
  • Initiate investigations of actual intrusion attempts.

Continuously Viewed Carrier

  • Carrier must be under continuous observation
  • Standing orders should include requirement to investigate any attempts to disturb the PDS
  • Security personnel should investigate suspected penetrations with 15 minutes
  • Not used for TS or Special category information for non-US UAA.


Training:

U.S./Canada TEMPEST Professional Certification Testing Schedule

February, June and October at Fort Meade, MD
(San Antonio, T.X. & Ottawa, Canada 45 days advance request for date required)
POC: Mrs. Gina DuBell, Chairman; Mr. Michael Cabrera, Alternate

National TEMPEST School Training Locations: All TEMPEST training for Army must be approved by Mrs. Gina DuBell or Mr. Richard Niederkohr.

TEMPEST Fundamentals (L7OATXXXXX 0T3A) - 3 Days
23 - 25 Jan 13 6 - 8 Mar 13 17 - 19 Apr 13
10 - 12 Jul 13 7 - 9 Aug 13 11 - 13 Sep 13

TEMPEST for System Installation & Facility Design (L7OATXXXXX 0T4A) - 8 Days
28 Jan - 6 Feb 13 11 - 20 Mar 13 23 Apr - 1 May 13
15 - 24 Jul 13 12 - 21 Aug 13 16 - 25 Sep 13

TEMPEST Test Equipment Familiarization (L7OATXXXXX 00TA) - 7 Days
30 May - 7 Jun 13

TEMPEST Lab Testing Basics (L7OATXXXXX 0T5A) - 10 Days
10 - 21 Jun 13

Lackland AFB San Antonio TX. National TEMPEST School Course Schedule

TEMPEST Fundamentals (L3OARXXXXX 0T3A) - 3 Days
31 Oct - 2 Nov 12 28 - 30 Nov 1
9 - 11 Jan 13 3 - 5 Apr 13 1 - 3 May 13

TEMPEST Test Equipment Familiarization (L7OATXXXXX 00TA) - 7 Days
30 May - 7 Jun 13

TEMPEST Lab Testing Basics (L7OATXXXXX 0T5A) - 10 Days
10 - 21 Jun 13

Lackland AFB San Antonio TX. National TEMPEST School Course Schedule

TEMPEST Fundamentals (L3OARXXXXX 0T3A) - 3 Days
31 Oct - 2 Nov 12 28 - 30 Nov 1
9 - 11 Jan 13 3 - 5 Apr 13 1 - 3 May 13

TEMPEST for System Installation & Facility Design (L3OARXXXXX0T4A) - 8 Days
5 - 15 Nov 12 3 - 12 Dec 12
14 - 24 Jan 13 8 - 17 Apr 13 6 - 15 May 13

TEMPEST Test Equipment Familiarization (L3OARXXXXX 00TA) - 7 Days
24 Jan - 1 Feb 13 2 - 10 May 13

TEMPEST Field Testing Basics (L3OARXXXXX 0T6A) - 10 Days
13 - 24 May 13

TEMPEST Lab Testing Basics (L3OARXXXXX 0T5A) - 8 Days
4 - 15 Feb 13
16 - 27 Sept 13

NONSTOP Testing (L3OARXXXXX 0T7A) - 10 Days
3 - 14 Dec 12

Advanced TEMPEST Testing (L3OARXXXXX 0T9A) - 16 Days
29 Jul - 16 Aug 13

TRAINING POCs:

Mr. Richard Niederkohr
HQDA G-2
Chief, Technical Security Branch
(703)695-3050
Richard.a.niederkohr.civ[at]mail.mil
richard.niederkohr[at]us.army.smil.mil

Ms. Gina Dubell
902nd MI Group
(301)677-3536
gina.l.dubell.civ[at]mail.mil
Gina.dubell[at]us.army.smil.mil

Army POC/CTTA's Group Email and Mailing Addresses:

usarmy.meade.902-mi-grp.list.310th-tempest[at]mail.mil
902d310thTEMPEST[at]mi.army.smil.mil