Today’s military forces increasingly find themselves fighting on two battlefields – the more traditional force-on-force, alongside the growing threat of cyber and electronic warfare.
Unintentional signals emanating from equipment on military vehicles and communications installations can result in the enemy picking up sensitive data.
The term used by the military for naturally occurring and unintentional electromagnetic radiation and signals from equipment is Tempest. These electromagnetic signals can result in the recovery of sensitive information from a distance.
Tempest certification and testing was introduced by NATO to address the vulnerability of classified information, ensuring energy from IT equipment, communication systems and military platforms is not accessible to eavesdroppers.
Unlike EMC testing, Tempest is not looking for the level of emissions, but data within those emissions. It is not a concern if a product or platform emits radio waves, or interferes with other products, but if someone from outside can see classified data within those emissions.
The National Cyber Security Centre (NCSC) Tempest service therefore helps manufacturers to understand how vulnerable their ICT system is to unintentionally emitting classified information and then ensures that appropriate countermeasures are put in place for the level of risk.
Tempest certification is designed to enable manufacturers of electronic equipment, which handles classified information, to supply the military and secure government organisations throughout NATO and Europe.
This equipment can be anything such as IT, communications systems, crypto products, worn/personal systems and even printers, as well as entire platforms such as ships, aeroplanes and land vehicles.
Certification is based on testing which demonstrates conformity with verifiable and repeatable standards specified by NCSC, which represents NATO in the UK.
The Tempest testing service therefore enables manufacturers of electronic products, which are intended to handle classified information, to be added to the UK Approved Products list.
The Tempest Certification Scheme, which is the NCSC implementation of the NATO standard SDIP-55, seeks to achieve assurance based on compliance at every stage of a product’s life, from its initial design onwards. It supports the UK Government’s UK Cyber Strategy, also ensuring that testing services comply with the European Union’s IASG4-04 standard.
Manufacturers wishing to have their product or mobile platform (such as military vehicle or ship) certified must work with a NCSC accredited test facility, which can issue Tempest product certificates on behalf of NCSC. The scheme enables these accredited test facilities to certify products on behalf of NCSC.
The NCSC accreditation scheme has been developed to provide Tempest testing for first of type military ships, land vehicles and aircraft, to ensure risks are identified in order to enable correction or mitigation of the risk prior to entry into service. The first of type test plans, and reports are scrutinised by NCSC before accreditation is awarded.
In order to be accredited, and to verify its performance, a test facility must submit a facility qualification report to NCSC every three years. Test engineers must also have their qualifications revalidated by NCSC every three years.
Tempest: the paperwork
There are three CESG (NCSC) documents which relate to Tempest and electromagnetic security (EMS), which can be referenced by both test laboratories and manufacturers to support them in their work.
The IA Implementation Guide No 14 (IG14) gives practical guidance to support users with understanding the CESG Good Practice Guide No 14, as well as the NATO Military Committee Communication and Information Systems Security and Evaluation Agency (SECAN) Document and Information Publications policy for testers (specifically SDIP-27 testing of equipment and SDIP-29 installation of equipment). IG14 also interprets SDIP-27 for UK national use.
The CESG Good Practice Guide No 14 (GPG14) assists anyone involved in managing risks and accrediting ICT systems, as well as those involved in their design and installation, to manage emissions security.
GPG14 supports the UK Government’s Security Policy Framework, which states that departments and agencies must follow specific government procedures to manage the risk posed by eavesdropping and electromagnetic emanations.
The IA Busy Reader’s Guide No 17 aims to help readers achieve a more pragmatic approach to managing risks associated with electromagnetic vulnerabilities. It does this by clarifying risk management considerations for electromagnetic vulnerabilities and how these support technical risk assessment and treatment processes outlined in the supplement to HMG IA Standard Numbers 1 & 2 (Supplement), Technical Risk Assessment and Risk Treatment.
The tests consider how close people can get to the equipment in question and how it will be used.
For example, is it held within a secure room, or an embassy to which members of the public can get quite close? If it is the latter, there may be a risk that an individual could use an antennae outside the embassy to pick-up what is on a laptop screen within the building.
NCSC qualified engineers will examine a manufacturer’s product against the standard, using NCSC accredited equipment.
However, while CFTCS testing ensures that a new product is tested thoroughly for unwanted electromagnetic emanations, it is only performed on one product sample. Consequently, to ensure that the build standard remains consistent throughout the product’s production, Tempest Production Assurance testing (TPAT) is carried out on samples from the production run of the product to ensure that integrity is maintained.
As well as submitting products for testing by an accredited laboratory, manufacturers must also undergo regular NCSC Tempest production audits to maintain certification for their equipment.
As the details of the certification process are classified and considered restricted documentation, some manufacturers may not have the required level of security for document storage. So, reports and other documents relating to the certification will be held on their behalf by the accredited testing laboratory.
As the process is complex and classified, it is encouraged that manufacturers make Tempest considerations during the early design stages, and support is sought from an accredited test laboratory throughout the production and product lifecycle.
Jean-Louis Evans is managing director at TÜV SÜD Product Service, the product testing and certification organisation.