5 June 1998 link to Tempest Security Systems, Inc. [now dead]
Progressive Architecture, March 1995, pp. 82-84.
A variety of strategies and technologies are now available to architects to thwart electronic surveillance of buildings.
by George R. Wilson
The author is an architect who consults on security issues and lives in Tuckahoe, New York. More technical information for architects on security is available in ITEM, a journal published by Robar Industries of West Conshohocken, Pennsylvania.
Abstract
Most office buildings are designed to stop physical intrusion, but electronic surveillance makes it easy to lift computer data and to eavesdrop on meetings. The author discusses a number of techniques the architect can use to deter electronic surveillance, including metal shielding and specially designed windows.
A confidential meeting is in progress in the executive offices of a large corporation. Spreadsheets and proposals involving new product development that represent millions of dollars in research and development are displayed on computer screens. At the same time, outside the building and three stories below, someone in an innocuous-looking van is electronically reproducing all of the information displayed on the computer screens above - information eagerly sought by and quickly sold to the corporation's competitors. Electromagnetic radiation from computer screens is easily and inexpensively accessible to anyone once it leaves the corporation's premises, and its reproduction is legal.
The scenario above represents a security issue that is little known to and understood by architects and is just one of many ways confidential corporate data are at risk to interception. As documented in Peter Schweizer's recent book, Friendly Spies, there are many people with the training to use ingenious ways to gather information from American businesses.
With dialogue that might come from a Le Carre novel, Dr. James Hearn, Deputy Director for Information Systems Security, National Security Agency (NSA), brought members of the House Subcommittee on Economic and Commercial Law face to face with the new reality of business. Despite old Cold War alliances, even friendly nations are willing to use their spy agencies to gather American corporate secrets. Pierre Marion, the former head of French intelligence, admitted on NBC's "Dateline" that the U.S. and France are not allied on economic matters, which was his justification for spying on IBM, Corning, and Texas Instruments.
Readily obtainable, inexpensive technology is capable of breaching corporate security and can be used to steal vital corporate information. We exist in the age of information and, as Hearn emphasized, "if people understand and appreciate the value of the information they hold and the value of keeping it from their competitors, we will take a major step toward reducing the vulnerability of our information systems." Further, Hearn added, "Information has value; in fact, information is equity and there must be a focus in protecting that asset ...."
Electronic Eavesdropping
Within the electronic office there are routine security measures to protect valuable information. Besides locks or passwords, encryption can be used to code all information at the point of interface with the computer operator. Yet such encryption can easily be breached. All electronic circuitry emits an electromagnetic field. The more powerful the source or the density of the circuitry, the more powerful the field. A handheld calculator gives off a field that can be measured several feet away. Computers, even desktop models, give off emissions that can be picked up as far away as half a mile. Most of these emissions are "behind" the encrypted interface and therefore are not coded. The computer processor, busy with millions of operations a second, gives off a discernible signal. The emissions from the computer screen can be clearly reproduced at a remote distance. The equipment necessary includes a broad band radio scanner, a good antenna, and a TV set - all available at electronics stores such as Radio Shack for a few hundred dollars.
Various surveillance techniques developed during the Cold War can be used to eavesdrop on a business meeting whose members are completely oblivious of the surveillance. The techniques include the use of a laser beam pointed at the outside of the window of the room in which the meeting is taking place. The laser picks up vibrations on the glass, causing variations in the beam. A converter can electronically reproduce the conversation.
Designing the Electronic Fortress
Architects need to be aware of these potential breaches in business security. Buildings not only house people, but must also shelter sensitive information.
The technology of electromagnetic or radio frequency (RF) shielding has been around for some time; the State and Defense departments have used it for years in a variety of facilities to ensure that information relating to national security does not fall into the wrong hands. RF shielding materials incorporated within a building's structure provide a high level of background security that is crash proof. Airborne emissions from a computer are contained and dissipate. Electronic bugs cannot transmit conversations from a shielded room.
The electromagnetic spectrum covers an infinite range of frequencies from large to small. In the middle range are frequencies that are used for radio and television transmission. The Faraday "cage" principle is required to shield an enclosed environment from the passage of radio signals. This cage is a continuous electrically conductive membrane that catches a signal and conducts it to ground. A whole industry has developed to construct such facilities for the Defense and State departments and their contractors. Shielded facilities often resembled vaults. The technologies are rarely found in private sector office environments, particularly those where appearance is of any concern.
The rating of protection against leakage of electromagnetic fields is measured in decibels (dB) of attenuation. Government facilities are usually designed for 100 dB of signal attenuation across a broad band-width. This level of protection theoretically ensures 100 percent loss of any signal across the membrane. To achieve this, the membrane usually consists of steel plating for walls, floors, and ceilings. Heavy steel doors are used with delicate copper finger stock seals at all joints which require frequent maintenance. The cost of these systems is approximately $50 per square foot of shield surface area.
With the rise in the sophistication and the intensity of threats to business security, there has been an increase in the sophistication and cost effectiveness of the palette of high performance materials available. Companies that have catered to the government's security needs now see the private sector as a new market. Shielding technology for private business must be more cost effective and more attractive than that used by the government. Secure rooms have to meet the same criteria of attractiveness, cost efficiency, functionality, and design flexibility that businesses require of all their facilities. There have been significant and rapid advances in the attractiveness, performance, and cost of shielding materials. Special wall fabrics and paints provide a high level of security, while shielding glass or advanced metal screens can protect windows.
Research into the nature of the emissions of electronic office technology indicates that they are not so broad-band. An attenuation of 60 dB will stop more than 99.9 percent of the information emanating from such machines. Businesses have yet to develop a commercial specification standard for signal attenuation, so architects must be judicious in their selection of materials and must beware of false claims of effectiveness.
Electronic Nets
Fabric technologies that are by-products of defense and aerospace research and development are now viable for shielding private sector businesses. One such device uses a sophisticated nonwoven fabric with fibers running in random directions, which shields electronic emissions in other than the X or Y-axis. This nonwoven fabric is then covered with an electronically conductive metallic coating. The latest variation provides broad-band shielding ability where electromagnetic waves are randomly refracted and reflected as they try to penetrate. In the end this results in a relatively broad-band shielding level of 60 dB. Copper foils can also be used for the same purpose, although these delicate foils require special care during installation. All joints between sheets require soldered connections.
The past few years have brought a proliferation of fabric materials that have matched the nonwoven ones in shielding ability. Additionally there are now metallic shielding paints available. While these create a metallic shielding film with the stroke of a brush, the increased regulation of the volatile chemicals used in such paints and the high level of precision necessary to achieve the needed uniform thickness make future use of these paints uncertain.
Secure corporate interiors require viable transparent shielding material for windows. To give glass electromagnetic shielding properties, it is possible to use "off-the-shelf" materials. A British manufacturer has combined various coatings used to achieve high shading coefficients into a laminated composition glass. This product provides an advertised shielding level of 60 dB when it is a component of a complete shielded wall system.
Less costly alternatives to this imported product for shielding windows include fine metal screens that are inserted in a standard glass window and continuously integrated with the wall shield. These are far less expensive than shielded glass and provide up to 50 dB attenuation (95 percent protection) but they have the drawback of being visible and can obscure the view.
Wiring, including electric, telephone, cable TV, and computers, is best designed with the fewest number of shield penetrations. Because such wiring acts as an antenna broadcasting information through the shield, filters are required at the point of penetration. One may choose among a variety of manufacturers of such filters, which are usually inexpensive, and small enough to fit within typical wall construction.
Specifier Beware
The market for shielding products is rife with exaggerated claims of exceptional performance. Some products have not been thoroughly tested and provide only limited broad-band shielding.
To evaluate manufacturer claims, a comprehensive, viable, scientifically based commercial standard specification is needed. Such a specification would set minimum design levels of shielding attenuation, would describe recommended before-and-after-system testing procedures, and would force manufacturers to be forthcoming with actual performance capabilities.
An informed architect conferring with a security-sensitive client can bring to the table knowledge of the risks the client faces and solutions to security needs. Businesses that have been stung by losses through weak security usually insist on a secure building envelope, but other businesses remain blissfully ignorant of the risks. The most knowledgeable people within the client's business are those who handle security issues, and they should be included in discussions regarding a building's security. Knowing the potential security risks for a client, and how to minimize them, will continue to be a growing service opportunity for architects.
Fabrics, such as this one manufactured by Faraday Systems (1), are placed within the walls to shield the room from electronic surveillance. Shielded glass (2), known as Datastop by Pilkington, is used on a federal building in Oklahoma City, designed by Frankfurt Short Bruza Architects.
3 Shielded Room Section; 4 Shielded Room Plan
Security Product Information
See related article on more general architectural security.
Thanks to the author and the late, lamented P/A.
http://cryptome.info/0001/nsa-tempest.htm
For a broad survey of TEMPEST electronic surveillance see:
http://www.eskimo.com/~joelm/tempest.html [now dead; mirror:]http://cryptome.org/2014/04/complete_unofficial_tempest_page.pdf
See US Army Corps of Engineers on TEMPEST protection:
http://cryptome.org/jya/emp.htm