GCN Tech Blog

By GCN Staff

Blog archive

Curtains for the Tempest threat?

Intell IT blog entry



Concern about remote eavesdropping on intelligence community computers by intercepting unintentional emissions from the equipment surfaced in the general press in the 1990s, followed by a series of news stories generally debunking the security risks.

Some practitioners reportedly said that although eavesdropping on a computer in an adjacent hotel room, for example, might be feasible, the resulting data probably would be fragmentary or worthless. Anecdotes about long-distance eavesdropping using Tempest technology from, say, hundreds of yards away, were bunk, those sources said.

It does seem clear that the level of advertising and publicity surrounding Tempest technology has quieted dramatically.

Some practitioners point to the notion that Tempest is not an acronym for an eavesdropping technology but rather a description of ways to foil such eavesdropping. They cite the rarely used expansion of the acronym to support their views: Telecommunications Electronics Material Protected from Emanating Spurious Transmissions.

However, a technology shift since Tempest's heyday in the mid-1990s might have severely restricted the opportunities for would-be eavesdroppers. Cathode ray tube (CRT) displays have been progressively replaced by various types of flat screens, which appear comparatively resistant to such eavesdropping.

On the other hand, spurious emissions can also come from other components.

Whatever the status of these technology developments, an unobtrusive slice of the federal information technology vendor community has been marketing Tempest services and equipment for two decades or more. To follow up, check with companies such as Tempest.

Comments on the unintentional electronic emissions of CRT monitors as compared with flat-screen monitors are welcome.

Posted by Wilson P. Dizard III on May 27, 2008 at 9:39 AM


inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Thu, May 29, 2008 Ron Waranowski

Commercial mindset, stuck with the emperor's clothes with encryption, authenication, etc. drink the kool-aid that commerical equipment vendors offer. Unless the "practioneers" have the background they will "debunk" it. Secondly, TEMPEST is old school and even the Gov has evolved to "threat specific" approaches (way too $$ to TEMPEST all). Third, the onslaught of wireless deployment of commercial products is making remote eavesdropping all the more easier - check the 2005 GAO report on wireless security.

Thu, May 29, 2008 John Turner VA

Mr. Dizard,You should really be very careful reporting in this area as it relates directly to National Security. Being dismissive of electronic threats due to advancements in technology directly contradicts the fact that the evolution of technology has also provided more sophisticated electronic eavesdropping capabilities, perhaps making TEMPEST even more important now than ever. Advancements in laser technologies, for example, have provided the ability to retrieve information from far greater distances, unperceived, and with extreme accuracy. While it is true and widely known that CRT monitors do radiate less than LCD panels, that does not make them unsusceptible to retrieval of compromising emanations. Other communication technologies create even larger challenges than the mere PC screen. Your story, to the contrary, should be asking if TEMPEST, which was defined decades ago, is enough given the advancements and increased reliance on electronic means of communication in the Government. Your title, suggesting that we become more lax in information security measures, is particularly irresponsible in this day and age.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities

More from 1105 Public Sector Media Group