Page 63 - 2019 Mil/Aero eBook
P. 63

Physical Security Measures
Physical security measures fall into multiple categories, are often combined for maximum protection, and must be implemented in addition to information security measures in order to reliably prevent unauthorized access to network cabling and connected equipment. The government uses protected distribution systems (PDS) ranging from glued conduit and piping to alarms and video monitoring to physically protect network cabling. Operational security measures for critical military networks often include documenting and labeling the cabling and connected equipment to mitigate the possibility of mistakenly allowing classified information to be transmitted to uncontrolled media or unauthorized personnel to access sensitive cabling and equipment. Distribution labeling is an effective operational security measure that helps control access by clearly labeling, appropriately securing, and routinely surveying each and every cable termination point to prevent and detect unauthorized network ingress or egress. Documentation and periodic inspection serve to both address potential network breach points as well as to identify and terminate actual breaches.
Critical military networks also require physical protection that extends beyond restricting physical accessibility. Networks dedicated to the storage and transmission of highly classified data, like those at the Department of Homeland Security, must also physically prevent network cables from emitting detectible, discernable signals. The task of limiting any and all potentially compromising emanations to within safe, strictly controlled spaces falls under what the U.S. government refers to as EMSEC (Emissions Security), INFOSEC (Information Security), and TEMPEST (Telecommunications Electronics Material Protected from Emanating Spurious Transmissions and/or Transient Electromagnetic Pulse Emanation Standard). These programs work to assure that normally radiated network signals are effectively shielded from adversaries and other unscrupulous listeners who could potentially use the captured data for unauthorized means.
Compromising Emanations
Radiated signals or emissions occur in every piece of computer equipment and in all copper cabling. In the U.S., the Federal Communications Commission (FCC) controls the amount of allowable emissions but international counterparts, like the International Electrotechnical Commission’s (IEC’s) International Special Committee on Radio Interference (CISPR) also exist. The unwanted variety of signal emissions are known as compromising emanations. Compromising emanations can be transmitted through power lines or data and telephone cabling, or simply radiated through the air. When a compromising emission is received or intercepted, it’s possible for the signals to be reconstituted, revealing the secure information. Microchips, diodes, transistors, and other non-linear electronic components in data processing equipment are all potential sources of compromising emanations. Signals on copper cables — and especially data signals, whose sharp transitions produce significantly higher- frequency signals — can also create compromising emanations.
Governments and defense organizations worldwide have instituted stringent network security measures designed to ensure the secure storage and transmission of sensitive and classified data and effectively protect it from adversaries.

   61   62   63   64   65