Page 65 - 2019 Mil/Aero eBook

fibers don’t radiate or emit signals and would thus have to be physically compromised in order to intercept communications. However, fiber optic network equipment is more costly than equivalent copper components and also results in higher maintenance costs by virtue of requiring more maintenance than copper.
Copper networks are commonly used for classified communications, but require very specific installation practices, such as those defined by the NSTISSAM TEMPEST/2-95 RED/BLACK separation guidelines. In RED/BLACK protocols, the RED cabling and equipment, which is dedicated to handling unencrypted classified information, is separated and/or shielded from the BLACK cabling and equipment, which is dedicated to handling properly encrypted SNI and unclassified data, to prevent coupling. RED equipment and cabling are also protected from both unauthorized external access and proximity to other potential signal radiators. Equipment that could potentially listen to, carry, or propagate emanations, such as cell phones and radios, is forbidden in RED zones.
Shielded copper cables provide an additional layer of physical security by significantly limiting emissions. In theory, this approach would allow for reduced RED/BLACK separation distances and potentially less complicated network architectures, but TEMPEST installation practices may not allow this reduction in practice. Still, shielded cable is mandated for all higher-level security, inspectable space, and threat levels. The use of shielded cable can reduce cable separations, eliminate or reduce the need for signal isolation and filtering, and can reduce or even eliminate the need for additional cable shielding or other network shielding. Shielded cable can also be used for BLACK cabling and equipment to further prevent them from receiving or emanating external signals. As such, shielded cable is usually required for use with TEMPEST-approved equipment,
Siemon’s fully shielded, Category 7A, 1,200MHz end-to-end cabling solution features individual foils around each twisted pair coupled with an outer braid, exceeds all ISO/IEC requirements for Cat 7A/Class FA transmission performance, is qualified for mechanical reliability in high-temperature environments up to 75°C, and is amongst the most secure and highest performing twisted-pair copper cabling systems available on today’s market.
Foil-shielded unshielded-twisted-pair (UTP) cable has one overall foil shield surrounding four unshielded twisted pairs and is traditionally used when shielded cable is specified, although it may not be sufficient for all TEMPEST installations. In such cases, additional signal isolation can be provided with braided shields, tighter braids, foil with braids, or individual-pair shields with an overall foil shield. Metallic distribution systems and facilities themselves can also provide signal isolation. But, regardless of the approach, TEMPEST installations must employ cables, equipment, and network configurations expressly designed to limit any emanated signals to within defined controlled or inspectable spaces.
Most federal agencies dealing with classified information employ certified TEMPEST technical authorities (CTTAs) to advise on and ultimately approve classified system installations. CTTAs undergo significant TEMPEST training to learn how to optimally balance RED/BLACK security criteria against the potential threats to a given system and achieve cost-effective, TEMPEST-approved network security solutions. There is less of a need for TEMPEST security in certain areas, such as those with a large controlled or inspectable space around the secured network system components, and more of a need in areas with minimal controlled or inspectable spaces. However, per the National Security Telecommunications and Information Systems Security Instruction #7000 (NSTISSI 7000), only a certified TEMPEST technical authority can identify inspectable spaces and necessary levels of protection criteria.
