All electric and electronic devices radiate energy that is mostly heat, but one part of that energy is emanated in a form of electromagnetic waves which correlate with information processed, stored or transmitted within equipment. That gives to an unauthorized person possibility to gain access to information.

In order to response to this type of threats, TEMPEST protection measures should be applied. TEMPEST refers to investigation and study of compromising emanation propagated as electromagnetic emanation and/or unintentional electrical conductivity from equipment and system. TEMPEST is a subset of information system protective measures that are used to protect information classified as CONFIDENTIAL, SECRET, and TOP SECRET from its disclosure through electromagnetic emanation and/or electrical conductivity.

Implementation of TEMPEST protective measures makes a risk of information interception acceptable. TEMPEST measures include three levels of protection:

  • Facility TEMPEST zoning
  • Equipment TEMPEST zoning
  • Project and installation requirements for equipment and facility.
Facility TEMPEST zoning is a procedure of assigning an appropriate facility TEMPEST zone to a certain facility, considering criteria of measurement or distance limitations. In both case scenarios facility is valuated from the perspective of its capabilities to reduce signal strength.

Equipment TEMPEST zoning is a procedure of laboratory equipment measurement, or measurement on the site, for the purpose of determining the nature and value of conductive or emanated signals which contain compromising emanations, including signals detection and measurement, their analysis, and relation between received signals and those potentially compromising.

All facility TEMPEST zones and TEMPEST zones of equipment on which information classified as CONFIDENTIAL, SECRET or TOP SECRET is processed, stored or transmitted, must comply with general and specific installation requirements of the facility TEMPEST zone and equipment TEMPEST zone in accordance with information system’s degree of secrecy.

Implementation of TEMPEST protection measures, along with technical security measures for facility and equipment protection, creates a set of measures applicable to the specific security environment.