JEWELLLW@VM.CC.PURDUE.EDU (Larry W. Jewell) (02/06/91)
From: "Larry W. Jewell" <JEWELLLW@VM.CC.PURDUE.EDU>
On pg 248 of the March 1991 "Computer Shopper" the article
titled "How to Kick the Spy-Business Blues" starts with:
"When the Central Intelligence Agency, the Defense Intelli-
gence Agency, or any other James Bond-like ministry in the
U.S. Government buys a PC, the machine needs to meet so-called
Tempest security specifications that prevent the other side's
spies from electronically snooping around."
**UNCLASSIFIED ANSWERS PLEASE!!!***
What are the specs. for Tempest? I'm curious because some of
the stuff I will be doing is VERY subject to industrial
espionage, and I'd like to know if the Government's standards
are good enough for industry?
P.S. I am building one hell of a hardened revetment out ot the
backissues of "COMPUTER SHOPPER" :-).
"E-MAIL ANSWERS COMPILED, CREDITED, AND POSTED."
************************************************************************
*It works better if you plug it in. *
******************* Sattinger's Law ************************************
Larry W. Jewell JEWELLLW@VM.CC.PURDUE.EDUhenry@zoo.toronto.edu (Henry Spencer) (02/07/91)
From: henry@zoo.toronto.edu (Henry Spencer) >From: "Larry W. Jewell" <JEWELLLW@VM.CC.PURDUE.EDU> >Tempest security specifications that prevent the other side's >spies from electronically snooping around." > >**UNCLASSIFIED ANSWERS PLEASE!!!*** > >What are the specs. for Tempest? No unclassified answer is available. The Tempest specs themselves are classified, available only to suitably-cleared contractors. -- "Maybe we should tell the truth?" | Henry Spencer at U of Toronto Zoology "Surely we aren't that desperate yet." | henry@zoo.toronto.edu utzoo!henry
howard@cos.com (Howard C. Berkowitz) (02/08/91)
From: howard@cos.com (Howard C. Berkowitz) In article <1991Feb6.032648.22323@cbnews.att.com> JEWELLLW@VM.CC.PURDUE.EDU (Larry W. Jewell) writes: >What are the specs. for Tempest? I'm curious because some of >the stuff I will be doing is VERY subject to industrial >espionage, and I'd like to know if the Government's standards >are good enough for industry? Unfortunately, the exact Tempest specs are classified; I can, on an unclassified basis, say what you would need to get access to in order to get a reasonably good Tempest specification.. While I think the numbers have changed, the main documents used to be MIL-HDBK-232, "Red/Black Engineering Criteria," and NACSIM 5100 and 5200. I can't remember which were which in the NACSIMs; one specified maximum radiation limits and one specified test methods. MIL-HDBK-232 and the test method were CONFIDENTIAL; the radiation limits were SECRET. The bottom line, however, is that (1) you probably don't have a sufficient threat to warrant the HIGH expense of Tempest for industrial use, and (2) it's not impossible to build Tempest-compliant boxes even without the specs, as there are approved enclosures, power line filters, etc., that you can wrap around any device. EXPENSIVE. -- howard@cos.com OR {uunet, decuac, sun!sundc, hadron, hqda-ai}!cos!howard (703) 883-2812 [W] (703) 998-5017 [H] DISCLAIMER: Opinions expressed are not necessarily those of the Corporation for Open Systems, its members, or any standards body.