Archie MacIntyre, TEMPEST Capability Lead at QinetiQ Farnborough
The first question you probably want to ask is: what is TEMPEST and what does it stand for?
That’s the easy part: TEMPEST is simply a code word which refers to the study of the phenomenon of compromising emanations; unfortunately, it doesn’t mean ‘Tiny Electro Magnetic Particles Emitting Secret Things’ (a running joke in the TEMPEST community!) The accepted definition of a compromising emanation is unintentional intelligence-bearing signals which, if intercepted and analysed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.
The important issue to understand with the TEMPEST phenomenon is that all electronic and electro-mechanical equipment produces emissions to a lesser or greater degree. The objective for a system designer is to control the phenomenon, and the objective for a TEMPEST test engineer is to identify the problem and resolve the TEMPEST issue.
On 6 February 2013, QinetiQ’s TEMPEST Test facility in Farnborough, Hampshire, UK, was awarded accreditation by CESG, the UK National Authority for Information Assurance under the new CESG Formal TEMPEST Certification Scheme (CFTCS). The facility is used to test equipment and systems that process classified information, from single box units to large scale communications systems. The CFTCS evolved in response to the UK government’s Cyber Strategy and ensures that UK Information Assurance services meet NATO and EU requirements.
The study of the TEMPEST phenomenon has previously been exclusively related to military and defence organisations, but security-conscious commercial enterprises are showing increasing interest in TEMPEST testing, to ensure that the design and performance of their systems prevents the unintentional transmission of secure data.
Get further information on how QinetiQ can provide assurance, technical expertise and test and evaluation services for equipment, systems and platforms.