Emission Security

(EMSEC)

Information Guide





Created March 1997

(TSgt Wilson)


This guide was produced for all EMSEC management personnel to use. Reproduction for the purpose of training personnel or other EMSEC related duties is highly recommended. A copy of this guide is available in a Word 6.0 document. Protect the forest; save some trees. Print only what is needed.
































55 CS/SCBBT

201 Lincoln Highway, Suite 2040

Offutt AFB, Ne

68113-2040

DSN: 271-2045

COMM: (402) 294-2045

TABLE OF CONTENTS


Section Page

I - INTRODUCTION TO EMSEC

Introduction 2

Objective 2

What is EMSEC? 2

Why Should You Be Interested? 2

Policy 2


II - EMSEC INFORMATION

How Can You Help? 4

What Should You Do? 5

How To Minimize the Risk 5

Compromising Emanations 6

Is EMSEC Classified? 7


III - WING EMSEC PROGRAM

Wing EMSEC Manager Responsibilities 8

EMSEC Process 9

EMSEC Assessment 9

EMSEC Countermeasure Review 9


IV - UNIT EMSEC PROGRAM

Unit EMSEC Monitors Duties 12

Unit EMSEC Monitor Training 12

EMSEC Continuity Folder 12


V - TERMS AND DEFINITIONS 13


VI - EXAMPLES

EMSEC Tips While Processing Classified Information on AISs 15

SAMPLE EMSEC Manager Appointment Letter 16

SAMPLE Annual Survey and Classified Equip Processing Letter 17

SAMPLE Request EMSEC Evaluation 18

SECTION I


INTRODUCTION TO EMSEC


1. Introduction. The Air Force Emission Security (EMSEC) program has experienced many changes over the years. Although these changes were attempts to meet the variances of a dynamic world, they require security protection measures far beyond the needs of the average user. We now require a more balanced approach to the control of compromising emanations and must include NONSTOP and HIJACK (definitions of both are classified).


2. Objective. The objective of EMSEC is to identify requirements from the broader view of Information Protection (IP) and provide the appropriate protection at the least possible cost. Key to this is a partnership between the user and the IP office. Together, they assess the need for EMSEC; determine the required countermeasures; advise commanders of vulnerabilities, threats, and risks; and recommend a practical and feasible course of action. The national managers used risk management principles to develop the minimum requirements identified in AFSSM 7011, The Emission Security Countermeasures Review. Since the risk has been accepted at national level, no further risk can be accepted.


3. What is EMSEC? "EMSEC (Emission Security)" is the protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from cryptographic-equipment, automated information systems (AIS), and telecommunications systems.


4. Why Should You Be Interested? Everyone working with electromechanical or electronic equipment and AISs which process classified information should be sure that the equipment or AIS is not an EMSEC risk. To do this, you should know the nature of the problem so that you can be aware of potential EMSEC hazards.


5. Policy. Air Force organizations and contractors acquiring or using systems to process classified information must apply EMSEC proportional to the threat of exploitation and the potential damage to national security if the classified information is compromised.


a. Assess the EMSEC requirement for each aspect (control of compromising emanations, NONSTOP, and HIJACK), the inspectable space, and the specific countermeasures before beginning architectural engineering and facility design, acquiring systems, or beginning engineering and installation.


b. Implement or apply required countermeasures before using systems to process classified information.

c. Operate and maintain systems to preserve the integrity of required countermeasures.


d. Processing classified information without complying with the above requirements is a reportable security incident under AFI 31-401, Information Security Program Management, except as allowed for by either a temporary or permanent waiver.

SECTION II


EMSEC INFORMATION


1. How Can You Help? Understand what EMSEC is and how it threatens security.


a. Use and Maintain TEMPEST Equipment Properly. TEMPEST certified systems or equipment are certified within the requirements of the effective edition of NSTISSAM TEMPEST/1-91, Level I, or TEMPEST specifications as determined by the department or agency concerned. TEMPEST equipment now in use has TEMPEST protection built in. Don't try to defeat it. Be sure all panels are secure, all screws are in place, and all grounds are connected. When maintaining equipment, follow the technical order even if you feel there is a better way. Short cuts can create EMSEC hazards.


b. Observe Telephone Security. Remember, the telephone is our greatest security hazard. It picks up more than the voice of the person holding it, i.e., other voices or equipment sounds in the background. Don't discuss classified information within the area when someone is on the phone. Never leave the phone off the hook. Equipment sounds may reveal the text being processed!


c. Personally Owned Equipment. Personally owned receiving, transmitting, recording, and amplification equipment (such as radios, tape recorders, TVs, and stereos) are all normally prohibited from areas where national security information is being processed. If a personally owned radio or TV is authorized, it does not mean that it is free of all emanations. Keep all radios and other electronic equipment well away from equipment processing classified information--in another room, if possible. Also, don't leave test equipment hooked up to classified processors. A test device, like a radio, can retransmit compromising emanations. Personally owned equipment is prohibited from processing classified.


d. Government Owned Equipment. Government-owned receiving, transmitting, recording, and amplifying equipment, not directly involved in processing national security information (i.e.; radios, receivers, music systems, tape recorders, TV monitors{standard broadcast or closed circuit}, TV cameras, and amplifiers) must be considered mission essential by the local commander and authorized in writing by the facility chief or a responsible official before admittance in any facility. Government-owned equipment introduced into the facility will be considered as RED or BLACK equipment, as appropriate, and is subject to the installation standards of AFI 33-203 and AFSSM 7011.


e. Keep Physically Secure. Be sure normal security rules are followed without fail. It only takes a few seconds to plant a "bug", which can intercept compromising emanations and relate them to an area outside the secure zone. Don't assume that just because they look familiar, they're cleared. Be sure!

f. Don't Provide "Antennas." Power cords and other wires can act as antennas to pick up compromising emanations and pass them on to power lines outside the secure area. Keep all cords as short as possible and as far away from classified processors. Avoid using extension cords and unplug all equipment which is not being used.


g. Watch That Typewriter/Computer! When using an electric typewriter or computer to type classified material, ensure that you comply with guidance in EMSEC guidelines and directives. If you're unsure, contact the wing EMSEC manager. While you're at it, don't forget to check the location of administrative telephones in the area.


h. TEMPEST Equipment Versus Non-TEMPEST Equipment. Recent changes to the TEMPEST guidelines have reduced the requirement for the use of TEMPEST equipment when processing certain types of classified information. Contact the wing EMSEC manager prior to purchasing any equipment.


2. What Should You Do? First, understand what EMSEC is. It is not necessary or expected that everyone have a detailed technical knowledge of EMSEC. However, a basic understanding is essential to appreciate the problem. Second, understand what you can and cannot do about EMSEC. Your unit/user EMSEC monitor or the wing EMSEC manager can answer most of your questions. The wing EMSEC manager can get further information, if necessary, from the MAJCOM EMSEC Office.


3. How To Minimize the Risk. There are several ways:


a. Proper Equipment Design. Low power levels are used in most newly purchased equipment to reduce emanations. Well-grounded metallic shielding and soundproofing will stop most radiated signals. Special power supplies with filters will contain conducted signals of the power lines. Still, there is some danger of compromising emanations even with the newest equipment.


b. Proper Installation. The use of metallic conduit for all power signal lines, along with separation of power signal lines and equipment handling classified information from all other lines and equipment, reduce the danger of compromising emanations. Filters installed on power and phone lines can block conducted signals from leaving a building. Elimination of unused wires or other conductors (such as pipes), reduces the risk of conducting or reflecting signals out of the equipment area. Soundproofing and properly designed ventilation systems prevent sound from escaping and carrying classified information out of the area.


c. Physical Security. Even at best, some compromising emanations will be present. However, they are of no value to an enemy agent unless they can be intercepted. These measures can confine them to a limited area, ideally to the room or building where the classified information is processed. If this area is then protected from intrusion by unauthorized personnel, the danger of compromising emanations reaching the enemy is minimized.

d. EMSEC Inspections. As stated above, all facilities, areas, AISs and equipment processing classified information must be inspected prior to processing classified information. The countermeasures placed on the facility, AIS, area or equipment by the wing EMSEC manager will determine if annual inspection must be accomplished by the Wing IP Office. If necessary, field tests may be run by EMSEC test teams to ensure compromising emanations do not escape from the controlled area.


4. Compromising Emanation (CE). Air Force EMSEC efforts are concerned with the control of compromising emanations at all Air Force organizations with equipment or systems that process classified information. The program objectives of the Air Force are to:


- Identify compromising emanations in equipment and systems


- Apply effective control measures


- Install equipment properly


- Educate personnel about EMSEC


- Test equipment used to process classified


A CE is energy unintentionally emitted from AIS(s) or equipment processing classified information which has some characteristics that make it possible to recover the classified information.


a. Unintentional Signals. Every electronic, electro-optical or electromechanical device, whether or not it was designed as a transmitter, gives off some type of electromagnetic signals, or "emanations." An electric shaver, for example, may radiate strongly enough to interfere with nearby radio or television reception. Transistor radios are banned from airlines because their unintentional signals can interfere with navigational equipment. Equipment may also give off unwanted signals in the form of sound. Proper design minimizes the unintentional signals given off by a device, but some unintentional signals will always be present.


b. Information Bearing Signals. When a device processes information such as printed text or voice, it may "leak" that information through unintentional signals. A common example is "crosstalk" on telephone lines; Signals "leak" from one line to another, and someone else's voice intrudes on your phone call. Equipment that process information in printed text, such as a teletypewriter or electric typewriter, are equally subject to information "leaks."


c. Interceptable Signals. If strong enough, information-bearing unintentional signals may travel through the air or through wires to areas allowing enemy agents to receive them. It is then possible for such an agent to convert the signals to clear text, and read the original message--or listen to the spoken word(s).


d. Signals Disclosing Classified Information. If the message happens to contain classified information and is intercepted, the information could fall into the hands of our enemies. This potential for compromise exists wherever classified information is processed. Unintentional, information-bearing, interceptable signals can carry that information to the enemy. These signals are called "compromising emanations." It is the objective of EMSEC efforts to deny these signals to the enemy, and to preserve EMSEC security.

For a device to emit a compromising signal, there must be classified information within the device. If there is no classified information in the device, then it cannot emit a compromising signal. It may emanate at a level that permits unauthorized recovery of the information being processed; but, if the information is not classified, it is not a compromising emanation. EMSEC, then, is concerned only with the unintended data related signals from devices that process classified information and with devices which, although not processing classified information, are located in areas where classified information is being processed. Often two identical devices may be used, one processing classified information and the other processing unclassified material. Only the device processing classified information is considered from an EMSEC viewpoint.


5. Is EMSEC Classified? A lot of EMSEC information is classified. Any information that indicates an EMSEC weakness in a facility will always be classified. If in doubt, play it safe and visit your Wing IP Office and talk to the wing EMSEC manager.

SECTION III


WING EMSEC PROGRAM


1. What are some Wing EMSEC Manager responsibilities? The Wing EMSEC Manager has various duties. These duties include:


a. Conduct and document initial EMSEC assessment and countermeasure reviews of all facilities, AISs, areas and equipment that process classified information.


b. Conduct an annual inspection of facilities, AISs, areas and equipment that a countermeasure requires annual EMSEC inspection IAW AFI 33-203.


c. Request EMSEC Test and Evaluations as required.


d. Develop and update as necessary, a directive to implement the Air Force EMSEC program at the wing level.


e. Maintain and document a training program for unit EMSEC monitors.


f. Maintain and document a customer education program to educate all personnel on EMSEC and their role in the EMSEC program. The customer education program will include items published in the official bulletin, briefings, information letters, and articles in the base newspaper.


g. Be a point of contact for all EMSEC matters for the wing. This includes assisting both the unit/user EMSEC monitors and the MAJCOM EMSEC office with emission security matters pertaining to Offutt AFB.


h. Ensure follow-up inspections are done on all facilities with discrepancies identified during initial/annual EMSEC inspections and that the appropriate temporary or permanent waiver request is submitted before processing classified information. Follow-up contact with the unit EMSEC monitor on systems, facilities, or equipment that is operating under a temporary waiver should be conducted monthly to ensure corrective action is being taken on any discrepancies identified during the initial/annual EMSEC inspection.


i. Assist in the installation or relocation of classified processing equipment. Also, participate in the planning of new or reconfigured base classified processing facilities.


j. Develop and update as necessary, an EMSEC Information Guide. The information guide should explain the Air Force and Offutt AFB EMSEC program and the unit monitor's responsibilities.


2. EMSEC Process. Assess equipment and facilities to determine the need for EMSEC (control of compromising emanations, NONSTOP, and HIJACK); determine which countermeasures are required; validate the required countermeasures; implement or apply the required countermeasures; and periodically re-assess EMSEC requirements.


The countermeasures review (initial inspection) is the basis for the EMSEC inspection. The Unit EMSEC monitor must ensure that all deficiencies are corrected that were identified during the wing EMSEC manager's inspection or request a temporary or permanent waiver before processing classified information.


a. Initial. The Wing EMSEC Manager will make an initial inspection on all C4 facilities, AISs, and equipment before processing classified information. An initial EMSEC inspection is also required after a C4 facility, AIS, or equipment is reconfigured, repositioned, renovated, or relocated.


b. Annual. The Wing EMSEC Manager makes an annual inspection to ensure EMSEC CMs are still effective. An on-site inspection is required only for equipment or facilities that process TOP SECRET information. The wing EMSEC manager will send an annual equipment listing to unit EMSEC monitors that have equipment or facilities that process classified information that is SECRET or below. This list will be endorsed back to the wing EMSEC manager verifying that the facility, AIS or equipment identified is still being used to process classified information. If equipment has been turned in, the item will be lined through by the unit/user EMSEC monitor.


3. The EMSEC Assessment. This determines the need for EMSEC on a system that processes classified information.


a. The using organization determines if the system will process classified information. If the system will process classified information, you must contact the wing EMSEC manager at extension 4-2045.


b. The Wing EMSEC Manager determines the required countermeasures and specific installation procedures according to EMSEC guidelines/procedures based on classification level and the amount of information processed. There are three parts to the assessment: control of compromising emanations, NONSTOP, and HIJACK. Each part has three outcomes: Not applicable; no countermeasures are required; or countermeasures are required. The Wing EMSEC Manager will explain these to you, and what will be required of you.


4. The EMSEC Countermeasure Review. There are three reviews required to identify countermeasure requirements; control of compromising emanations, NONSTOP, and HIJACK. The countermeasure review will be documented on an AFCOMSEC Form 7001, which is classified when filled in. These are explained below:


a. The Control of Compromising Emanations Countermeasure Review. This review uses the inspectable space, the equipment TEMPEST characteristics, and the facility characteristics to determine the required countermeasures that need to be applied.


b. The NONSTOP Countermeasure Review. This review uses distance, the equipment TEMPEST characteristics, and the facility characteristics to determine the required countermeasures that need to be applied. The possibility that compromising emanations can escape is a function of many variables. Chief among these are the:


(1) Separation distance between RED processors and radio equipment.

(2) Radiation characteristics of the system(s) processing classified information.

(3) Radio frequency attenuation offered by the facility containing the systems

processing classified information.


c. The HIJACK Countermeasure Review. This review uses the type of information processed to determine the required countermeasures that need to be applied. When the need for HIJACK countermeasures is indicated by the HIJACK assessment, the HIJACK countermeasure review determines the required countermeasures. The possibility of the escape of classified information is a function of many variables. Chief among these are the:


(1) Separation distance between RED processors and cryptographic equipment.

(2) Radiation characteristics of the systems processing classified information.

(3) Type of information processed.

SECTION IV


UNIT EMSEC PROGRAM


1. Unit EMSEC Monitors Duties. You have been appointed as your unit's EMSEC monitor and now you ask, "What does an EMSEC monitor do?" Your primary job is to advise and assist your unit commander in identifying, controlling, and/or eliminating compromising emanations associated with electrical processing of classified information. This guide was developed to assist you in managing your unit's EMSEC program.


The unit EMSEC monitor should perform, at a minimum, the following duties:


a. Notify the wing EMSEC manager of any changes in the name, office symbol, phone number, clearance of unit EMSEC monitors.


b. Be a point of contact for the wing EMSEC manager on all EMSEC matters concerning your unit.


c. Develop, and update as necessary, a list of all AISs and equipment in your unit that are used to process classified information. This list must include the location of the classified processing AIS and equipment. A copy of this list must be provided to the Wing IP Office (55 CS/SCBBT). Units/agencies that have equipment or facilities that process TOP SECRET information, must also provide the Wing IP Office with a room/building drawing where the AIS or equipment is located. The drawing must show where the classified processor is located. During the annual EMSEC inspection, the Wing EMSEC inspector will check to make sure that the AIS or equipment has not been moved. Classified processors cannot be moved unless prior coordination has been accomplished with the Wing IP Office.


d. As a minimum, maintain a current copy of AFI 33-203 and OAFBI 33-11 (when published), and this guide.


e. Maintain a file for all correspondence concerning EMSEC for your unit.


f. Conduct initial and annual EMSEC training for all personnel who operate or maintain equipment/systems which process classified information. Initial training should be accomplished within 60 days of assignment to your unit (this could be accomplished by adding initial EMSEC training to your unit's/agencies in-processing list).


g. Conduct and document follow-up EMSEC inspections on all facilities where discrepancies were identified during the wing EMSEC inspection. NOTE: The processing of classified information cannot be accomplished unless a temporary or permanent waiver has been approved. Inspections on facilities operating under a temporary waiver should be conducted monthly until the discrepancy(s) are closed. Ensure that the wing EMSEC manager is advised monthly on the status of these inspections.


h. Ensure that all AISs obtain a Designated Approving Authority (DAA) approval prior to operating. A countermeasure review or EMSEC inspection does not constitute approval to operate the AIS(s). You must work together with your unit Computer Security Manager (UCM) and the user(s) of the AIS(s) to ensure that the appropriate DAA approval is obtained prior to operating the AIS. Operating an AIS without an appropriated approval could result in punishment under Article 92, of the UCMJ. If you have any questions on DAA approval , contact your UCM or the Wing Information Protection office.


2. Unit EMSEC Monitor Training. Receive training from the wing EMSEC manager. The Wing EMSEC Manager will conduct training using this EMSEC Training Guide. Training is documented and filed in the appropriate unit/user EMSEC folder that is maintained in the Wing Information Protection Office.


3. EMSEC Continuity Folder. Unit/user EMSEC monitors will maintain a continuity folder with directions from the wing EMSEC manager. Following sections will be required in the continuity folder:


- Appointment Letter

- Facility Ground Checks

- Meeting Minutes and Misc.

- Self-Inspection Checklist

- Annual Survey Letter and Equipment Listing

- Approval to Operate letter


Reference our EMSEC Training Guide (available upon request) for further details on maintaining a continuity folder.

SECTION V


TERMS AND DEFINITIONS


1. BLACK - Any information or equipment which carries information that is unclassified.


2. Compromising Emanation (CE) - Unintentional signal that, if intercepted and analyzed, would disclose the classified information transferred, received, handled, or otherwise processed by any information-processing equipment.


3. Countermeasure (CM) - The form of military science that by the employment of devices and/or techniques, has as its objective the impairment of operational effectiveness of enemy activity. Any action, device, procedure, technique, or other means that reduces the vulnerability of an Automated Information System.


4. Countermeasures Review - A technical evaluation of a facility to identify the inspectable space, the required countermeasures, and the most cost effective way to apply required countermeasures.


5. Emanation - Unintended signals or noise appearing external to an equipment.


6. Emission Security (EMSEC) - The protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from cryptographic-equipment, Automated Information Systems, and telecommunications systems.


7. EMSEC Assessment - An evaluation of a facility to determine the need for EMSEC.


8. EMSEC Countermeasure Review - A review of a facility to determine needed countermeasures.


9. HIJACK - The definition of HIJACK is classified.


10. NONSTOP - The definition of NONSTOP is classified.


11. RED - Any information or equipment which carries information that is classified.


12. RED and BLACK Concept - Separation of electrical and electronic circuits, components, equipment, and systems which handle classified plain text (RED) information in electrical signal form from those which handle unclassified (BLACK) information in the same form.


13. TEMPEST - Short name referring to the investigation, study, and control of compromising emanations from telecommunications and AIS systems equipment.


14. TEMPEST Certified Equipment - Systems or equipment which were certified within the requirements of the effective edition of NSTISSAM TEMPEST/1-91, Level I, or TEMPEST specifications as determined by the department or agency concerned

SECTION VI


EMSEC TIPS WHILE PROCESSING CLASSIFIED ON

AUTOMATED INFORMATION SYSTEMS


1. DO NOT process classified information on any equipment that has not been approved to process classified information by the Wing Information Protection Office.


2. DO NOT put telephones on the same metallic desk as the classified processing equipment.


3. Keep telephones and telephone lines as far away from the AIS equipment as possible. NOTE: During the initial wing EMSEC inspection/countermeasure assessment, you will be advised as to where the equipment must be placed, DO NOT MOVE THE EQUIPMENT OR PLACE ANY TELEPHONE'S, RADIO'S, OR TV'S NEXT TO THIS EQUIPMENT. Contact your unit/user EMSEC monitor or the wing EMSEC manager if you are not sure of the separation distance required from telephones, radios, etc.


4. Keep all buttons "up" on telephones when not in use.


5. Stop typing when a telephone is off-hook.


THESE ARE THE MINIMUM GUIDELINES FOR USING AUTOMATED INFORMATION SYSTEMS TO PROCESS CLASSIFIED INFORMATION. IF YOU ARE NOT SURE, ASK THE WING INFORMATION PROTECTION OFFICE FOR MORE INFORMATION.

SAMPLE EMSEC MANAGER APPOINTMENT LETTER

Date




MEMORANDUM FOR 55 CS/SCBBT


FROM: (Organization/Office Symbol)


SUBJECT: Appointment of Unit Emission Security (EMSEC) Manager


1. The following individuals have been appointed as primary/alternate unit EMSEC manager(s):


NAME/RANK CLEARANCE EXT. PRI/ALT


Smith, John D./1Lt Secret 1111 Primary

Jones, Paul M./SSgt Top Secret 1112 Alternate


2. Security clearances have been verified by the Unit Security Manager.




JOE E. FRANKS, Lt Col, USAF

Commander, (your unit)



NOTE: Appointment letters must be signed by the Unit Commander.


NOTE: Forward original copy of appointment letter to the Wing Information Protection Office (55 CS/SCBBT).

SAMPLE ANNUAL CLASSIFIED EQUIPMENT PROCESSING LETTER

Date



MEMORANDUM FOR 55 CS/SCBBT


FROM: (Unit)


SUBJECT: Annual Classified Equipment Processing Letter


1. In accordance with OAFBI 33-11, para 2.3.2, this unit processes classified material in electronic, electrical, and electromechanical from outside of a SCIF.


2. In accordance with OAFBI 33-11, para, this unit processes classified material on the following equipment located in bldg xx, room x.


MANUFACTURER MODEL SERIAL DATE LAST EMSEC INSPECTION


GTSI 466DX2 25BNAV 10 Jan 97


IBM 4029 12-12345 10 Jan 97


CODEX LSI 9600 278450 10 Jan 97





JOE E. FRANKS, MSgt, USAF

Unit EMSEC Monitor


SAMPLE REQUEST FOR EMSEC EVALUATION

Date



MEMORANDUM FOR 55 CS/SCBBT


FROM: (Organization/Office Symbol)


SUBJECT: Request EMSEC Evaluation



1. Request an EMSEC countermeasure assessment and review be conducted on the following systems/facilities:


a. Zenith ZCV-1-AA Computer

Zenith ZVM-122-T Monitor

Genicom 3184 Printer


b. Zenith ZVD-0004-AB Computer

Zenith ZVM-133-T Monitor

Dataproducts TCG200 Printer


2. Percentages of data processed:


a. TS-0 S-20 C-10 U-70


b. TS-1 S-29 C-5 U-65


3. Does any system process Special Category Information: Yes or No


4. How many hours per day is information processed:


a. 4


b. 6


5. Location of equipment/system:


a. Bldg. 500, Rm 2X6


b. Bldg. 500, Rm 2X7


6. POC is Capt Saturn, 4-4321.




JOHN H. DOE, TSgt, USAF

Unit EMSEC Monitor