Tempest (codename)

TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions^[1]) is a U.S. National Security Agency specification and a NATO certification^[2]^[3] referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations.^[4]^[5] TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).^[6] The reception methods fall under the umbrella of radiofrequency MASINT.

The NSA methods for spying on computer emissions are classified, but some of the protection standards have been released by either the NSA or the Department of Defense.^[7] Protecting equipment from spying is done with distance, shielding, filtering, and masking.^[8] The TEMPEST standards mandate elements such as equipment distance from walls, amount of shielding in buildings and equipment, and distance separating wires carrying classified vs. unclassified materials,^[7] filters on cables, and even distance and shielding between wires or equipment and building pipes. Noise can also protect information by masking the actual data.^[8]

While much of TEMPEST is about leaking electromagnetic emanations, it also encompasses sounds and mechanical vibrations.^[7] For example, it is possible to log a user's keystrokes using the motion sensor inside smartphones.^[9] Compromising emissions are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed (side-channel attack), may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.^[10]

^ "What is Tempest?". blog.enconnex.com. Enconnex.
^ Product Delivery Order Requirements Package Checklist (PDF), US Air Force, archived from the original (PDF) on 2014-12-29
^ TEMPEST Equipment Selection Process, NATO Information Assurance, 1981, archived from the original on 2019-02-02, retrieved 2014-09-16
^ "How Old IsTEMPEST?". Cryptome.org. Retrieved 2015-05-31.
^ Easter, David (2020-07-26). "The impact of 'Tempest' on Anglo-American communications security and intelligence, 1943–1970". Intelligence and National Security. 36: 1–16. doi:10.1080/02684527.2020.1798604. ISSN 0268-4527. S2CID 225445718.
^ "Emission Security" (PDF). US Air Force. 14 April 2009. Archived from the original (PDF) on December 23, 2013.
^ ^a ^b ^c Goodman, Cassi (April 18, 2001), An Introduction to TEMPEST, Sans.org
^ ^a ^b N.S.A., TEMPEST: A Signal Problem (PDF), archived from the original (PDF) on 2013-09-18, retrieved 2014-01-28
^ Marquardt et al. 2011, pp. 551–562.
^ "NACSIM 5000 Tempest Fundamentals". Cryptome.org. Retrieved 2015-05-31.

[what_is_tempest-1] "What is Tempest?". blog.enconnex.com. Enconnex.

[USAF140107011-2] Product Delivery Order Requirements Package Checklist (PDF), US Air Force, archived from the original (PDF) on 2014-12-29

[NIA1981-3] TEMPEST Equipment Selection Process, NATO Information Assurance, 1981, archived from the original on 2019-02-02, retrieved 2014-09-16

[4] "How Old IsTEMPEST?". Cryptome.org. Retrieved 2015-05-31.

[5] Easter, David (2020-07-26). "The impact of 'Tempest' on Anglo-American communications security and intelligence, 1943–1970". Intelligence and National Security. 36: 1–16. doi:10.1080/02684527.2020.1798604. ISSN 0268-4527. S2CID 225445718.

[6] "Emission Security" (PDF). US Air Force. 14 April 2009. Archived from the original (PDF) on December 23, 2013.

[tempest_intro-7] Goodman, Cassi (April 18, 2001), An Introduction to TEMPEST, Sans.org

[tempest-history-nsa-8] N.S.A., TEMPEST: A Signal Problem (PDF), archived from the original (PDF) on 2013-09-18, retrieved 2014-01-28

[FOOTNOTEMarquardtVermaCarterTraynor2011551–562-9] Marquardt et al. 2011, pp. 551–562.

[10] "NACSIM 5000 Tempest Fundamentals". Cryptome.org. Retrieved 2015-05-31.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]