21 November 1998
Note: The Webmaster of the AF source of this document confirms that this document is unclassified and available for public use. Deletions (-----) in the original.

For comprehensive public TEMPEST information: http://www.eskimo.com/~joelm/tempest.html


BY ORDER OF THE
SECRETARY OF THE AIR FORCE

AIR FORCE SYSTEMS SECURITY INSTRUCTION 7010

1 MAY 1998

Communications and Information

* EMISSION SECURITY ASSESSMENTS (U)

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY


NOTICE: This publication is available digitally on 3-1/2 inch floppy diskette. Contact your MAJCOM IP office for a copy.


OPR: HQ AFCS/GCIS (Dwight Bohl)
Supercedes AFSSI 7010, 1 August 1996         

Certified by: HQ AFCIC/SYNI (Neil Knowles)
Pages: 40
Distribution: F


* (U) According to Air Force Instruction (AFI) 33-203, Emission Security, as a part of information protection (IP), this instruction provides the procedures to make the emission security (EMSEC) assessments for the control of compromising emanations, NONSTOP, and HIJACK. It interfaces with Air Force Systems Security Memorandum (AFSSM) 7011, Emission Security Countermeasures Reviews. Use of classified extracts of this instruction for local use is permitted. Direct questions and comments on the contents of this instruction through appropriate command channels to Headquarters Air Force Communications Agency (HQ AFCA/GCI), 203 W. Losey Street, Room 2040, Scott AFB IL 62225-5234. Refer recommended changes and conflicts between this and other publications, using Air Force (AF) Form 847, Recommendation for Change of Publication, to HQ AFCA/GCIS, 203 W. Losey Street, Room 2040, Scott AFB IL 62225-5234.

(U) Restrict this instruction to official activities of U.S. Government organizations and to contractors who are under contract to perform the procedures described herein. Recover this instruction immediately upon completion or termination of the contract. Contracting officers may make this instruction a part of a bidders library where cleared prospective bidders may view it. The Air Force may issue this instruction to other nongovernmental organizations on a case-by-case basis; contact HQ AFCA/GCIS for approval. The Freedom of Information Act does not provide for the general release of this instruction.

(U) Do not release this instruction or disclose the information it contains to foreign nationals without prior specific approval from HQ AFCA/GCIS. All requests for release or disclosure must identify the specific information or copies of this instruction requested for release and the specific foreign holders receiving the information. Send all requests for additional release to HQ AFCA/GCIS.

(U) The overall classification of this document is stamped at the top and bottom of each page to achieve production efficiency. The table of contents and authentication elements are unclassified which accounts for the absence of portion classification markings in those areas.


(UC) SUMMARY OF REVISIONS (U)

(UC) This document was substantially revised and must be completely reviewed. This revision removes IP requirements (paragraph 1.3) from the EMSEC process and moves validation instructions to AFSSM 7011. It revises what is excepted from the EMSEC assessments process (Chapter 2) and moves defining the inspectable space to AFSSM 7011. It introduces the requirement to include the volume of information (paragraph 3.7) in the basic EMSEC assessments data. It clarifies ----- - ----- requirements for commercial broadcast ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----(Table 5.1), and adds ----- ----- precautions (paragraph 5.7) when ----- ----- countermeasures are not required. It identifies sensitive ----- ----- ----- ----- ----- -----(Attachment 4) for the ----- ----- process. It moves Secure Telephone Unit (STU)-III guidance from the exception chapter to the HIJACK chapter (Chapter 6) and adds guidance for the cryptographic system KIV-7 (Chapter 6). It removes the guidance for cryptographic equipment used to protect unclassified information from the EMSEC assessments process (paragraph 6.4). It adds instructions for EMSEC certification (paragraph 7.7) and adds numerous tips and guidance throughout the instruction. It replaces AFI 33-203 as the prescribing publication for Air Force Communications Security (AFCOMSEC) Form 7001, Emission Security Assessments/Emission Security Countermeasures Reviews. The * symbol indicates new or changed information.

Chapter 1 Introduction, Responsibilities, and IP Requirements (U)

1.1. (U) Introduction
1.2. (U) Responsibilities
1.3. (U) IP Requirements

Chapter 2 Exceptions to the EMSEC Assessment Process (U)

2.1. (U) Introduction
2.2 (U) Typewriters
2.3. (U) Tactical Systems
2.4. (U) Deployable Systems
2.5. (U) Aircraft
2.6. (U) Secure Telephone Unit III

Chapter 3 Basic EMSEC Assessments Data (U)

3.1. (U) Introduction
3.2. (U) Basic EMSEC Assessments Data
3.3. (U) Define the Scope of the Assessments
3.4. (U) Equipment, System, or Facility
3.5. (U) Location
3.6. (U) Classification Level
3.7. (U) Volume and Percentage Information
3.8. (U) The Geographic Location

Chapter 4 The Control of Compromising Emanations Assessment (U)

4.1. (U) Introduction
4.2. (U) Determining the Requirement to Control Compromising Emanations
4.3. (U) Documenting the Requirement to Control Compromising Emanations
4.4. (U) Requirement to Control Compromising Emanations

Chapter 5 The NONSTOP Assessment (U)

5.1. (U) Introduction
5.2. (U) Identify Transmitters and Receivers
5.3. (UC) Identify Signal and Control Lines To and From ----- ----- ----- -----
5.4. (U) Determining the Requirement for NONSTOP Countermeasures
5.5. (U) Special NONSTOP Guidance
5.6. (U) Documenting the Requirement for NONSTOP Countermeasures
5.7. (U) NONSTOP Precautions
5.8. (U) Requirement for NONSTOP Countermeasures

Chapter 6 The HIJACK Assessment (U)

6.1. (U) Introduction
6.2. (U) Determining the Requirement for HIJACK Countermeasures
6.3. (U) Documenting the Requirement for HIJACK Countermeasures
6.4. (U) Special HIJACK Guidance
6.5. (U) Requirement for HIJACK Countermeasures

Chapter 7 Completing the EMSEC Assessments (U)

7.1. (U) Introduction
7.2. (U) Classification Marking
7.3. (U) Authentication Documentation
7.4. (U) Validation
7.5. (U) Inform the User
7.6. (U) Date
7.7. (U) EMSEC Certification
7.8. (U) File Copy
7.9. (U) Form Prescribed

(U) Tables

4.1. (U) Requirement to Control Compromising Emanations (U)
5.1. (U) Requirement to Apply NONSTOP Countermeasures (U)

(U) Figures

A2.1. (U) State Change in an Electronic Circuit (U)
A5.1. (U) Sample Completed EMSEC Assessments Documentation (U)

(U) Attachments

1. (US) Glossary of Terms and Supporting Information (U)
2. (US) The Emission Security Problem (U)
3. (U) Defining the Scope of the Assessments (U)
* 4. (UC) Sensitive Areas Within the United States (U)
5. (UC) Documenting the EMSEC Assessments (U)


Chapter 1

INTRODUCTION, RESPONSIBILITIES, AND IP REQUIREMENTS (U)

1.1. (U) Introduction. An understanding of the EMSEC problem is essential to meeting EMSEC goals. The EMSEC problem is explained in Attachment 2. The objective of EMSEC is to identify requirements from the broader view of IP and provide the appropriate protection at the least possible cost. Key to this is a partnership between the IP office and the user. The wing IP office assesses the need for EMSEC as part of IP; it determines the required countermeasures; advises commanders of vulnerabilities, threats, and risks; and recommends a practical course of action. The user identifies the systems that will process classified national security information; the volume, relative sensitivity, and perishability of the information; the physical control measures in effect around the area that will process classified national security information; and applies identified countermeasures. The national managers used risk management principles to develop the minimum requirements identified in this instruction. Since the risk has been accepted at the national level, no further risk can be accepted.

1.2. (U) Responsibilities. These responsibilities are assigned:

1.2.1. (U) AFCA:
1.2.1.1. (U) Certified TEMPEST Technical Authority (CTTA) responsibility.

1.2.1.2. (U) Distribute guidance on the domestic and foreign threat environment provided by the National Security Agency.

1.2.1.3. (U) Make EMSEC assessments when requested.

1.2.1.4. (U) Make EMSEC countermeasures reviews when requested.

1.2.1.5. (U) Manage the EMSEC portion of IP for the Air Force.

1.2.2. (U) Major Command (MAJCOM) IP Office:

1.2.2.1. (U) Assist subordinate wing IP offices by making EMSEC assessments, countermeasures reviews, and inspections when you permit a wing to not have a wing IP office.

1.2.2.2. (U) Make EMSEC assessments for your MAJCOM programs.

1.2.2.3. (U) Make EMSEC assessments when your MAJCOM is identified as the lead command for a program.

1.2.2.4. (U) Manage the EMSEC portion of IP for your MAJCOM.

1.2.3. (U) Wing IP Office:

1.2.3.1. (U) Make EMSEC assessments of all systems that process classified national security information on the base; include those of tenant organizations unless other formal agreements are made according to AFI 33-203.

1.2.3.2. (U) Make EMSEC countermeasures reviews, when required.

1.2.3.3. (U) Make EMSEC inspections, as required.

1.2.3.4. (U) Certify systems as meeting EMSEC requirements.

1.2.3.5. (U) Maintain a file of all current EMSEC assessments and countermeasures reviews.

1.2.3.6. (U) Manage the EMSEC portion of IP for the base.

1.2.4. (U) Program Managers. Program managers are responsible for early coordination with the appropriate IP office, special category (SPECAT) EMSEC person, or CTTA according to AFI 33-203.

1.2.4.1. (U) Make sure EMSEC requirements are included in mission need statements, operation requirement documents, etc.

1.2.4.2. (U) Identify EMSEC requirements at locations where the system will be used.

1.2.5. (U) Air Force Users.

1.2.5.1. (U) Contact the local IP office as soon as you know classified national security information will be processed.

1.2.5.2. (U) Implement or apply required countermeasures.

1.2.5.3. (U) Maintain the required countermeasures to the as-implemented or as-installed condition.

* 1.3. (U) IP Requirements. When processing classified national security information, all users are reminded they must meet the following minimum IP requirements established in AFSSI 4100 (C), Communications Security Program (U) (will be replaced by AFI 33-201 [S]), without exception:

1.3.1. (U) To prevent crosstalk:
1.3.1.1. (U) Separate RED equipment from BLACK signal wire lines by 0.5 meters. This separation is not required for fiber optic cables.

1.3.1.2. (U) Do not let telephone instruments touch RED equipment.

1.3.2. (U) To preclude losing control of classified national security information, make sure that every signal line from a RED equipment is routed only to another RED equipment or is encrypted before connection to a BLACK equipment.

1.3.3. (U) Make sure all RED signal lines remain within the controlled access area (sometimes abbreviated CAA) or are secured before leaving the controlled access area. Secure them by using (listed by preference): cryptographic equipment, intrusion detection optical carrier system, or protected distribution system (sometimes abbreviated PDS).

1.3.4. (U) To preclude losing control of classified national security information (sometimes abbreviated NSI), account for and maintain accountability of all RED signal lines.

1.3.5. (U) Separate RED signal lines from BLACK signal lines by a distance sufficient to easily distinguish RED lines from BLACK lines.

1.3.6. (U) Mark all RED signal lines with a 1-inch wide strip of red tape or red paint at intervals of approximately 1-1/2 meters. Do not mark RED signal lines less than 2 meters long unless they penetrate a wall, ceiling, or floor. Do not mark protected distribution systems.

1.3.7. (U) To preclude losing control of classified national security information, separate RED patch panels from BLACK patch panels by a distance greater than the longest patch panel cord or use dissimilar jack fields.


Chapter 2

* EXCEPTIONS TO THE EMSEC ASSESSMENT PROCESS (U)

2.1. (U) Introduction. Because of their unique nature, certain facilities and equipment are exempt from the EMSEC assessment process for the control of compromising emanations, NONSTOP, or HIJACK.

2.2. (U) Typewriters. Those electric typewriters without special features do not require a control of compromising emanations assessment. Special features include magnetic tape, magnetic card, internal memory, or line display. The following guidance differentiates between typewriters used within the United States, its trust territories, and possessions (hereafter called the United States), and outside the United States.

2.2.1. (U) SECRET and Below. Typewriters that process SECRET and below classified national security information do not require control of compromising emanations countermeasures.

2.2.2. (U) TOP SECRET-Within the United States. Typewriters that process TOP SECRET information within the United States do not require control of compromising emanations countermeasures.

2.2.3. (UC) TOP SECRET-Outside the United States. For typewriters that process TOP SECRET information outside the United States, separate the typewriter from BLACK equipment ----- ----- , use ----- ----- ----- (----- ----- ----- ----- ----- ----- ----- ----- ----- ), and install ----- ----- ----- ----- ----- ----- away from the typewriter. Separate BLACK signal wire lines ----- ----- ----- from the typewriter or use ----- ----- ----- and BLACK ----- ----- ----- ----- for telephone lines that exit the inspectable space unless the lines distance of the telephone lines from the room containing the typewriter to the boundary of the inspectable space is greater than 2,000 meters.

2.3. (U) Tactical Systems. These are systems developed for the tactical environment. They are usually contained within a transportable or mobile van and thus are shielded to some degree. These systems are usually further characterized by an "AN/" type nomenclature (e.g., AN/TGC-39).

2.3.1. (U) Make EMSEC assessments prior to the development of the system based on the projected deployment scenario.

2.3.2. (U) When deployed according to the standard scenario used for development; that is, in the field with field physical security measures implemented, separate EMSEC assessments are not required.

2.3.3. (U) Deployment to a fixed location on an installation as emergency mission support does not require EMSEC assessments if the deployment is less than 90 days. When deployed for more than 90 days, make the EMSEC assessments. Use the guidance in AFSSM 7011, Attachment 17.

* 2.4. (U) Deployable Systems. Typically, these systems are standard commercial-off-the-shelf systems used to perform the normal mission that are taken with the user when the user or unit deploys.

2.4.1. (U) For deployments of less than 60 days, EMSEC assessments are not required.

2.4.2. (U) When you know a future deployment will exceed 90 days, make the EMSEC assessments prior to deployment.

2.4.3. (U) For deployments whose initial schedule was for less than 60 days but are extended to more than 90 days, make the EMSEC assessments before the 90th day.

2.5. (U) Aircraft.

2.5.1. (U) Aircraft normally do not require an EMSEC assessment. Implement required EMSEC countermeasures for aircraft using AFSSM 7011, Attachment 18.

2.5.2. (U) When an aircraft is operated on the ground at the same location (parking spot) for more than 90 days (even if not continuous), make EMSEC assessments treating the aircraft as a facility.

2.6. (U) Secure Telephone Unit III.

2.6.1. (U) STU-IIIs installed in stand-alone modes and used for secure voice purposes are considered as BLACK devices. In this mode, a HIJACK assessment is not required.

2.6.2. (U) When connecting ancillary items such as facsimiles and computers to the secure digital data port, consider the STU-III as cryptographic equipment and make the HIJACK assessment.


Chapter 3

BASIC EMSEC ASSESSMENTS DATA (U)

3.1. (U) Introduction. There are three areas of concern in the EMSEC assessments. Each must be addressed separately.

3.1.1. (U) The control of compromising emanations assessment determines the need for countermeasures for information systems that process classified national security information.

3.1.2. (US) The NONSTOP assessment determines if countermeasures are required for information systems that process classified national security information ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

3.1.3. (U) The HIJACK assessment determines the need for countermeasures for cryptographic equipment.

3.2. (U) Basic Emission Security Assessments Data. Identify and enter the data indicated in the following paragraphs on AFCOMSEC Form 7001.

3.3. (U) Define the Scope of the Assessments. Identify the systems and areas processing classified national security information. For SPECAT information, define these processing areas separately from the collateral information processing areas. See Attachment 3 for help in defining the scope.

3.4. (U) Equipment, System, or Facility. Enter in block 1, AFCOMSEC Form 7001, a listing of the equipment used to process classified national security information; manufacturer and model number are sufficient. The central processing unit part of a personal computer, with monitor and keyboard, is sufficient; list printers (e.g., [U] Unisys Desktop-III, Unisys Desktop-III external removable hard disk, Unisys Desktop-III laser printer).

3.5. (U) Location. Enter in block 2, AFCOMSEC Form 7001, the location of the system (e.g., [U] HQ AFCA/GCIS, Bldg. 1700, Room 2040, Scott AFB IL).

3.6. (U) Classification Level. Identify the levels of classified national security information processed. In block 3a, AFCOMSEC Form 7001, place an "X" after the highest level of classified national security information processed. The identification of the level of the classified national security information is unclassified except for some SPECAT programs. In these cases, see the program security manager for classification guidance.

3.6.1. (U) There are times when the highest level authorized for processing is not used for the assessments. Use the next lower level when:
3.6.1.1. (U) The system is accredited to process at a level but never does (e.g., accredited for TOP SECRET but processes no higher than SECRET).

3.6.1.2. (U) The highest level is seldom processed (e.g., TOP SECRET information is processed once every 3 months).

3.6.1.3. (U) The volume of the highest level is very low compared to the total volume and done at random intervals (e.g., the system is used all day but SECRET information is processed only for a few minutes every other day on a random basis).

3.6.1.4. (U) Never use lower than the CONFIDENTIAL level when the identified classification level is the next lower level.

EXAMPLE (U) a. (U) CLASSIFICATION LEVEL

(U) UNCLASSIFIED

(U) CONFIDENTIAL

(U) SECRET                 X

(U) TOP SECRET

3.6.2. (U) For EMSEC assessments involving SPECAT information, type or print the word "SPECAT" following the word for the level of classified national security information. The association of the level of classified national security information is usually unclassified; contact the SPECAT security manager for classification guidance.

EXAMPLE (U) a. (U) CLASSIFICATION LEVEL

(U) UNCLASSIFIED

(U) CONFIDENTIAL

(U) SECRET                      SPECAT                    X

(U) TOP SECRET

* 3.7. (U) Volume and Percentage Information. In block 3b, AFCOMSEC Form 7001, following the title "Volume," enter the approximate total volume of information processed on the systems; indicate per hour, day, week, month, etc. Indicate the volume by number of pages, bytes, time, etc. Enter the approximate percentage for each level of information processed, including unclassified. The identification of the level of classified information is usually unclassified; contact the security manager for classification guidance.

EXAMPLE (U) b. (U) VOLUME 2 hrs/wk %

(U) UNCLASSIFIED 95

(U) CONFIDENTIAL 3

(U) SECRET 2

(U) TOP SECRET 0

3.8. (U) The Geographic Location. In block 3c, AFCOMSEC Form 7001, place an "X" in the box following the threat rating for the geographic location. Obtain threat ratings from the MAJCOM IP office.

3.8.1. (US) The threat level for a country ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

3.8.2. (UC) When the threat level ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

EXAMPLE (U) c. (U) GEOGRAPHIC LOCATION

(U) CONUS X

(UC) OCONUS, LOW THREAT

(UC) OCONUS, MEDIUM THREAT

(UC) OCONUS, HIGH THREAT


Chapter 4

THE CONTROL OF COMPROMISING EMANATIONS ASSESSMENT (U)

4.1. (U) Introduction. Use the following process to determine the requirement to control compromising emanations.

4.2. (U) Determining the Requirement to Control Compromising Emanations. Use Table 4.1 to determine the requirement to control compromising emanations. Find the intersection of the highest level of classified national security information processed as marked in block 3b (row) and the threat level as marked in block 3c (column). Then follow the instructions in the following paragraphs.

(UC) Table 4.1. Requirement to Control Compromising Emanations (U)

UNCLASSIFIED CONFIDENTIAL

THREAT AREA

INFORMATION CONUS OCONUS LOW OCONUS MEDIUM OCONUS HIGH

Warner--Type Information -- -- -- -- -- -- -- --

CONFIDENTIAL -- -- -- -- -- -- -- --

SECRET -- -- -- -- -- -- -- --

TOP SECRET -- -- -- -- -- -- -- --

1. (C) ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- 2. (C) ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- .

4.3. (U) Documenting the Requirement to Control Compromising Emanations.

4.3.1. (U) Indicate the requirement to control compromising emanations in block 4a, AFCOMSEC Form 7001, by placing an "X" in the appropriate box.
4.3.1.1. (U) If there is no requirement to consider the control of compromising emanations or if Table 4.1 indicates a "No," place an "X" in the "No Control of Compromising Emanations Required" box. Additionally, in block 5, AFCOMSEC Form 7001, under the heading "Control of Compromising Emanations Countermeasures." enter "Not Applicable" if there was no requirement to control compromising emanations or "Not Required" if Table 4.1 indicated "No."

4.3.1.2. (U) If Table 4.1. indicates a "Yes," place an "X" in the "Control of Compromising Emanations Required" box.

4.3.2. (U) Marking "No Control of Compromising Emanations Required" or "Control of Compromising Emanations Required," when the classification level and geographical location are identified, is classified CONFIDENTIAL.

4.3.3. (U) Make the NONSTOP and HIJACK assessments.

4.4. (U) Requirement to Control Compromising Emanations. When the control of compromising emanations is required, make the control of compromising emanations countermeasures review following the guidance in AFSSM 7011.


Chapter 5

THE NONSTOP ASSESSMENT

5.1. (U) Introduction. Use the following process to determine the requirement for NONSTOP countermeasures.

5.2. (UC) Identify Transmitters and Receivers. Identify transmitters located within ----- ----- of equipment processing classified national security information. Identify receivers located within ----- ----- of equipment processing classified national security information. Use Table 5.1 to identify the type of transmitter or receiver identified.

(C) Table 5.1. Requirement to Apply NONSTOP Countermeasures (U)

UNCLASSIFIED CONFIDENTIAL

WITHIN THE U.S. (limited to the 50 states) OUTSIDE THE U.S.

TYPE OF EQUIPMENT TRANSMITTER RECEIVER TRANSMITTER RECEIVER

RADAR1 -- -- -- -- -- -- -- --

SATELLITE -- -- -- -- -- -- -- --

HIGH FREQUENCY RADIO -- -- -- -- -- -- -- --

GROUND -TO-AIR UHF2 & VHF2 RADIOS -- -- -- -- -- -- -- --

BASE NET RADIO STATIONS (SUCH AS IBR3 &LMR3) -- -- -- -- -- -- -- --

HAND HELD IBR3 OR LMR3 -- -- -- -- -- -- -- --

BEEPERS OR PAGERS -- -- -- -- -- -- -- --

ALARM SYSTEMS -- -- -- -- -- -- -- --

CELLULAR TELEPHONES -- --, -- -- -- -- -- --

CORDLESS TELEPHONES -- -- -- -- -- -- -- --

CORDLESS MICROPHONES -- -- -- -- -- -- -- --

CORDLESS KEYBOARDS -- -- -- -- -- -- -- --

* WIRELESS LAN4 -- -- -- -- -- -- -- --

* INFRARED DEVICES No No No No

* AM5-FM5 RADIO RECEIVERS6 No No No No

1 (U) Includes all pulsed transmitters like tactical air navigation (TACAN); Identification, Friend or Foe/Selective Identification Feature (IFF/SIF); and radar altimeters. 2 (U) UHF = Ultra High Frequency. VHF = Very High Frequency. 3 (U) IBR = Intrabase Radio. LMR = Land Mobile Radio. 4 (U) LAN = Local Area Network 5 (U) AM = Amplitude Modulation. FM = Frequency Modulation. 6 (U) Commercial Broadcast.

* 5.3. (UC) Identify Signal and Control Lines To and From ----- ----- ----- ----- ----- -----. For those ----- ----- ----- ----- ----- ----- identified in paragraph 5.2:

* 5.3.1. (U) Identify all signal wire lines (e.g., microphone and speaker) and control wire lines (e.g., transmitter keying and remote channel changing) for transmitters when the wire lines are located within ----- ----- of RED equipment. There is no need to identify fiber optic signal or control lines.

* 5.3.2. (U) Identify all signal wire lines (e.g., microphone and speaker) and control wire lines (e.g., remote channel changing) for receivers when the wire lines are located within ----- ----- of RED equipment. There is no need to identify fiber optic signal or control lines.

5.4. (U) Determining the Requirement for NONSTOP Countermeasures. Use Table 5.1 to determine the requirement for NONSTOP countermeasures for transmitters and receivers identified in paragraph 5.2 and any signal or control wire lines identified in paragraph 5.3. Find the intersection of the type of transmitting or receiving equipment (row) and the geographic location (column) to determine the requirement for NONSTOP countermeasures.

5.5. (U) Special NONSTOP Guidance.

5.5.1. (U) Ultra High Frequency and Very High Frequency Radios.
* 5.5.1.1. (UC) Transmitters. A NONSTOP ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.1.2. (UC) Receivers. A NONSTOP ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.2. (UC) Base Net Radio Stations. A NONSTOP ----- ----- -- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.3. (UC) Hand-Held Radios. A NONSTOP ----- ----- --- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.4. (UC) Beepers or Pagers. A NONSTOP ----- ----- --- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

5.5.5. (U) Alarm Systems. The mode of operation of alarm systems transmitters will determine the need for a NONSTOP countermeasures review.

* 5.5.5.1. (UC) A NONSTOP ----- ----- --- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.5.2. (UC) A NONSTOP ----- ----- --- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* 5.5.5.3. (UC) NONSTOP ----- ----- --- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

* 5.5.6. (U) Cellular Telephones. A NONSTOP countermeasures review is required for cellular telephones used within 10 meters of RED equipment. Cellular telephones are excluded from operating within 20 meters of the classified national security information processing area when the facility is located outside the United States.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.7. (U) Cordless Telephones. A NONSTOP countermeasures review is required for cordless telephones used within 10 meters of RED equipment. Cordless telephones are excluded from operating within 20 meters of the classified national security information processing area when the facility is located outside the United States.

* NOTE: (US) ----- ----- ----- ----- ----- -----.

* 5.5.8. (U) Cordless Microphones.

* 5.5.8.1. (UC) Radio Frequency Cordless Microphones. Using an unencrypted radio frequency cordless microphone for briefing classified national security information is prohibited. Using an encrypted radio frequency cordless microphone for briefing classified national security information is permitted; a NONSTOP countermeasures review is required when used within ----- ----- equipment. Using a radio frequency cordless microphone for briefing unclassified information is permitted; a NONSTOP countermeasures review is required when used within ----- ----- equipment.

* 5.5.8.2. (U) Infrared Cordless Microphones. An encrypted infrared cordless microphone used for briefing classified national security information is permitted. An unencrypted infrared cordless microphone used for briefing classified national security information is permitted; a NONSTOP countermeasures review is required.

* 5.5.9. (UC) Cordless Keyboards. The use of radio frequency cordless keyboards to process classified national security information is prohibited. A NONSTOP countermeasures review is required for cordless keyboards used to process unclassified information within ----- ----- of RED equipment.

* 5.5.10. (UC) Wireless Local Area Networks. Using an unencrypted radio frequency wireless local area network processing classified national security information is prohibited. A NONSTOP countermeasures review is required for encrypted radio frequency wireless local area networks when a transmitter/receiver is within ----- ----- of RED equipment. NONSTOP countermeasures are not required for infrared wireless local area networks.

* 5.5.11. (U) Infrared Devices. NONSTOP countermeasures are not required for infrared devices except as noted in preceding paragraphs.

5.6. (U) Documenting the Requirement for NONSTOP Countermeasures.

5.6.1. (U) Indicate the requirement for NONSTOP countermeasures in block 4b, AFCOMSEC Form 7001, by placing an "X" in the appropriate box.
* 5.6.1.1. (U) If there is no need to consider NONSTOP or if Table 5.1 indicates a "No," place an "X" in the "No NONSTOP Countermeasures Required" box. Additionally, in block 5, AFCOMSEC Form 7001, under the heading "NONSTOP Countermeasures." enter "Not Applicable" if there were no radios within the distances specified in paragraph 5.2 of RED equipment or "Not Required" if Table 5.1 indicated "No."

5.6.1.2. (U) If Table 5.1 indicates a "Yes," place an "X" in the "NONSTOP Countermeasures Required" box.

5.6.2. (U) Marking "No NONSTOP Countermeasures Required" or "NONSTOP Countermeasures Required," when the classification level and geographic location are identified, is classified CONFIDENTIAL.

5.6.3. (U) Make the HIJACK assessment.

* 5.7. (U) NONSTOP Precautions. Because of their portability and easy introduction into the area where classified national security information is processed, always include NONSTOP precautions to the user.

* 5.7.1. (U) Enter in block 5, AFCOMSEC Form 7001, under the heading, "NONSTOP Precautions." warnings not to use hand-held radios, beepers, pagers, cellular telephones, and cordless telephones within 10 meters of RED equipment until the user contacts the IP office. List each warning separately (e.g., "(U) Do not use cellular telephones within 10 meters of RED equipment until contacting the IP office." See example, Attachment 5.

* 5.7.2. (U) It is not necessary to include those items used in the facility at the time of the NONSTOP assessment in the above statement since they are included in the NONSTOP assessment.

5.8. (U) Requirement for NONSTOP Countermeasures. When NONSTOP countermeasures are required, make the NONSTOP countermeasures review following the guidance in AFSSM 7011.


Chapter 6

THE HIJACK ASSESSMENT

6.1. (U) Introduction. Use the following process to determine the requirement for HIJACK countermeasures.

* 6.2. (U) Determining the Requirement for HIJACK Countermeasures.

* 6.2.1. (U) If cryptographic equipment is used to secure classified national security information, HIJACK countermeasures are required.

* 6.2.2. (U) If a STU-III is used to secure ancillary items such as a facsimile or computer, HIJACK countermeasures are required.

* 6.2.3. (U) If a KIV-7 is used to secure a computer, HIJACK countermeasures are required.

* 6.2.4. (U) If cryptographic equipment is used to protect unclassified information, HIJACK countermeasures are not required. Follow the guidance in paragraph 6.4, below.

* 6.2.5. (U) If no cryptographic equipment is used, HIJACK countermeasures are not required.

6.3. (U) Documenting the Requirement for HIJACK Countermeasures.

6.3.1. (U) Indicate the requirement for HIJACK countermeasures in block 4c, AFCOMSEC Form 7001, by placing an "X" in the appropriate box.
6.3.1.1. (U) If cryptographic equipment is used to secure classified national security information, check the "HIJACK Countermeasures Required" box.

6.3.1.2. (U) If a STU-III is used to secure ancillary items such as facsimiles or computers, check the "HIJACK Countermeasures Required" box.

6.3.1.3. (U) If a KIV-7 is used to secure a computer, check the "HIJACK Countermeasures Required" box.

6.3.1.4. (U) If cryptographic equipment is used to protect unclassified information, check the "No HIJACK Countermeasures Required" box and include the guidance in paragraph 6.4 in block 5, AFCOMSEC Form 7001. Additionally, in block 5, AFCOMSEC Form 7001, after the heading "HIJACK Countermeasures." enter "Not Applicable" if cryptographic equipment was used to protect unclassified information.

6.3.1.5. (U) If no cryptographic equipment is used, check the "No HIJACK Countermeasures Required" box. Additionally, in block 5, AFCOMSEC Form 7001, after the heading "HIJACK Countermeasures." enter "Not Applicable" if cryptographic equipment was not within the scope of the HIJACK assessment.

6.3.2. (U) Checking "No HIJACK Countermeasures Required" or "HIJACK Countermeasures Required" is unclassified.

* 6.4. (U) Special HIJACK Guidance. The following is the guidance for using cryptographic equipment to protect unclassified information.

* 6.4.1. (U) Since a facility that processes unclassified information does not have RED power, connect all equipment (cryptographic and information processing equipment) to the existing facility power.

* 6.4.2. (U) It is not necessary to shield the RED signal wire lines on the RED side of the cryptographic equipment and the BLACK signal wire lines on the BLACK side of the cryptographic equipment although it is a good engineering practice to do so. If the lines are shielded, connect the shields to the appropriate grounds on the cryptographic equipment. It is not necessary to ground the shields at the BLACK equipment end although it is a good engineering practice to do so.

* 6.4.3. (U) RED and BLACK signal ground systems are not required.

* 6.4.4. (U) There are no minimum separation requirements for equipment, power lines, signal wire lines, or other electrical or electronic equipment on the RED or BLACK side of the cryptographic equipment.

* 6.4.5. (U) Separate RED and BLACK cable distribution facilities are not required.

* 6.4.6. (U) Separate patch panels and connection facilities (e.g., distribution frames) are not required.

6.5. (U) Requirement for HIJACK Countermeasures. When HIJACK countermeasures are required, make the HIJACK countermeasures review following the guidance in AFSSM 7011.


Chapter 7

COMPLETING THE EMSEC ASSESSMENTS

7.1. (U) Introduction. Do this only when there is no need to make a control of compromising emanations, NONSTOP, or HIJACK countermeasures review. When a control of compromising emanations, NONSTOP, or HIJACK countermeasures review is required, use the "Completing the Countermeasures Reviews" instructions in AFSSM 7011.

7.2. (U) Classification Marking. Re-mark the completed AFCOMSEC Form 7001 with the highest classification of information contained on the form if higher than CONFIDENTIAL. Enter the date in the upper right hand box 10 years from the date of the EMSEC assessments in block 6c, AFCOMSEC Form 7001.

7.3. (U) Authentication Documentation. Type or print the name of the IP person, organization, and office symbol making the EMSEC assessments in block 6a of AFCOMSEC Form 7001. The IP person signs the form in this block. Signing by the IP person establishes EMSEC requirements the user must adhere to according to AFI 33-203. When a CTTA makes the EMSEC assessments, use "CTTA" as the organization and office symbol. The CTTA signs the form in this block.

* 7.4. (U) Validation. Validation is only required for countermeasures reviews. When the EMSEC assessments result in no control of compromising emanations, NONSTOP, and HIJACK countermeasures required, there is no validation requirement.

7.5. (U) Inform the User. Type or print the name of the user, organization, office symbol, and telephone number in block 6b of AFCOMSEC Form 7001. The user signs the form in this block. Signing by the user is acknowledgment that the user has been informed of EMSEC requirements and understands what is required.

7.6. (U) Date. Type or print the date of the EMSEC assessments in block 6c, AFCOMSEC Form 7001.

* 7.7. (U) Emission Security Certification. Since no control of compromising emanations, NONSTOP, or HIJACK countermeasures are required, an EMSEC inspection is not required. Type or print the name of the IP person, organization, and office symbol making the EMSEC assessments in block 9a of AFCOMSEC Form 7001. The IP person signs the form in block 9b. Enter the date in block 9c. Give the user a copy of the completed AFCOMSEC Form 7001. This copy used to satisfy the EMSEC certification requirement for the system certification and accreditation process. To avoid classifying the certification and accreditation package, the IP office may issue a letter to the user stating EMSEC certification is met. If this is done, assign a tracking number to the AFCOMSEC Form 7001 and refer to this tracking number in the letter. The tracking number has four parts: MAJCOM, base, year, 3-digit number (e.g., AFCA-Scott-97-001). The 3-digit number is unique for each assessment. Enter the tracking number in AFOCMSEC Form 7001, block 7.

7.8. (U) File Copy. Both the IP office and the user will maintain a copy of the EMSEC assessments on file until the system no longer processes classified national security information. Check with the user annually and verify the information in blocks 1, 2, and 3 is still valid. When you make and document new EMSEC assessments, destroy the previous one.

* 7.9. Form Prescribed. AFCOMSEC Form 7001, Emission Security Assessments/Emission Security Countermeasures Reviews.

DONALD W. SOLANO, Lt Col, USAF
Chief, Information Protection Branch
Air Force Communications and Information Center


Attachment 1

(S) GLOSSARY OF TERMS AND SUPPORTING INFORMATION (U)

(U) References

(U) AFI 33-203, Emission Security

(U) AFSSI 4100 (C), Communications Security Program (U)

(U) AFSSM 7011, Emission Security Countermeasures Reviews

(U) NSTISSI 7000 (C) TEMPEST Countermeasures for Facilities (U)

(U) The Freedom of Information Act

(U) Acronyms and Abbreviations

(U) AF Air Force (used on forms only)

(U) AFCA Air Force Communications Agency

(U) AFCOMSEC Air Force Communications Security

(U) AFI Air Force Instruction

(U) AFPD Air Force Policy Directive

(U) AFSSI Air Force Systems Security Instruction

(U) AFSSM Air Force Systems Security Memorandum

(U) AM Amplitude Modulation

(U) C4 Command, Control, Communications, and Computers

(U) CAA Controlled Access Area

(U) CONUS Continental United States

(U) CTTA Certified TEMPEST Technical Authority

(U) DIA Defense Intelligence Agency

(U) EMSEC Emission Security

(U) FM Frequency Modulation

(U) IBR Intrabase Radio

(U) IP Information Protection

(U) LMR Land Mobile Radio

(U) MAJCOM Major Command

(U) NSTISSI National Security Telecommunications and Information Systems Security Instruction

(U) OCONUS Outside the Continental United States

(U) SPECAT Special Category

(U) STU Secure Telephone Unit

(U) UHF Ultra High Frequency

(U) USAF United states Air Force

(U) VHF Very High Frequency

(S) Terms (U)

(U) Analog Signal--A signal whose amplitude, phase, or frequency content is continuously proportional to the stimulus.

(U) BLACK--Designation applied to telecommunications and information systems, and associated areas, circuits, components, equipment, and wire lines in which only unclassified or encrypted signals are processed.

(U) BLACK Line--Any line, other than the primary or secondary RED conductors, external to classified national security information processing equipment.

(U) BLACK Signal--Any signal (e.g., control signal, encrypted signal, or signals from BLACK equipment) that would not divulge classified national security information if recovered and analyzed.

(U) Certified TEMPEST Technical Authority (CTTA)--An experienced, technically qualified U.S. Government employee who has met established certification requirements according to National Security Telecommunications and Information Systems Security Committee-approved criterions and has been appointed by a U.S. Government department or agency to fulfill CTTA responsibilities.

(U) Compromising Emanation--Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems.

(U) Countermeasures Review--The evaluation of the posture of a facility where classified national security information will be processed which identifies the vulnerabilities and threats and determines the required countermeasures.

(U) Emission Security (EMSEC)--Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from cryptographic equipment, telecommunications systems, and information systems.

(U) Emission Security Assessments--The determination of whether emission security countermeasures are required or not.

(U) Equipment Radiation TEMPEST Zone (ERTZ)--A zone established as a result of determined or known equipment radiation TEMPEST characteristics. The zone includes all space within which a successful intercept of compromising emanations is considered possible.

(U) Fortuitous Conductor--Any conductor that may provide an unintended path for RED signals or compromising emanations. Fortuitous conductors include cables, wires, pipes, conduits, and structural metal work in the vicinity of a RED equipment or RED wire line.

(US) HIJACK (U)--An ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

(U) Inspectable Space--The three-dimensional space surrounding systems that process classified national security or unclassified sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists.

(U) National Security Information--Information that has been determined pursuant to Executive Order 12958, or any predecessor or successor order, to require protection against unauthorized disclosure, and that is so designated. This includes all classified information and information which is unclassified but which involves intelligence activities, cryptologic activities, command and control of military forces, weapons systems, or is critical to the direct fulfillment of military or intelligence missions.

(U) Noise--Random disturbances superimposed upon a signal that tend to obscure its information content.

(US) NONSTOP (U)--An ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

(U) RED--Designation applied to telecommunications and information systems, plus associated areas, circuits, components, equipment, and wire lines where classified national security information or classified plain text signals are being processed.

(U) RED and BLACK Concept--Separation of electrical and electronic information systems, equipment, components, circuits, and wire lines that handle classified national security information (RED) or classified plain text (RED) signals from those that handle unclassified or encrypted (BLACK) information.

(U) RED Line--A primary or secondary RED conductor or signal wire line that carries RED signals.

(U) RED Signal--Any signal (classified national security information, plain text, key, subkey, initial fill, or control signal) that would divulge national security information if recovered.

(UC) Special Category (SPECAT) (U)--SPECAT information includes ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

(U) TEMPEST--Short name referring to investigation, study, and control of compromising emanations from telecommunications equipment and information systems.

(U) TEMPEST-Certified Equipment--Equipment or systems which have been certified within the requirements of the effective edition of NSTISSAM TEMPEST/1-92, Level I.



Attachment 2

(S) THE EMISSION SECURITY PROBLEM (U)

A2.1. (U) Introduction. An understanding of the EMSEC problem is essential to meeting EMSEC goals. Obviously, a complete explanation would fill a rather large volume so the intent of this attachment is to present enough basic information for the reader to do the job. EMSEC has three goals: the control of compromising emanations, the prevention of NONSTOP hazards, and the elimination of HIJACK hazards.

A2.1.1. (U) The differences between these are:
A2.1.1.1. (U) The control of compromising emanations is the most common source of electronic security problems. The major concerns are controlling the radiated and conducted emanations from systems that process classified national security information.

A2.1.1.2. (US) NONSTOP ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.1.1.3. (US) HIJACK ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.1.2. (U) The terms "RED" and "BLACK" are COMSEC terms used to differentiate between signals, equipment, and lines that carry or process unencrypted, clear-text, classified national security information from those signals, equipment, and lines that carry or process unclassified information.

A2.2. (U) Compromising Emanations. When processing information electronically, as in a computer, there are some electronic signals that cause things to happen and there are other signals that represent the information being processed. This is the intended function. At the same time, things happen that are not intended to happen. One of these is the generation of compromising emanations. Let's look at the definition of compromising emanations before going further.

A2.2.1. (U) What Are Compromising Emanations? Compromising emanations are, by definition, "unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems." What does this mean?
A2.2.1.1. (U) First, compromising emanations are unintentional. That means they happen when something else (an intended action) happens but are not needed or desired (unintended). An example is using sandpaper to smooth a piece of wood. The sandpaper will heat up when it is rubbed on the wood. The heat is not part of the plan, it is not needed, and, if it gets too hot, it is not wanted; it is a byproduct of smoothing the wood. It's the same with compromising emanations.

A2.2.1.2. (U) Second, compromising emanations are signals. They have a frequency and they carry information. More precisely, they are noise.

A2.2.1.3. (U) Third, to be useful to an adversary, compromising emanations have to be intercepted. Signals move from one location to another in one of two ways; conducted in a wire (like a telephone wire) or radiated through space (like a radio wave). An adversary has to connect to the wire, or put up an antenna, to intercept them.

A2.2.1.4. (U) Fourth, compromising emanations have to be analyzed. In most cases, they will not look like the intended signal. They have to be studied to make sense out of them. For example, we could connect an oscilloscope to a telephone line and observe the waveshape of the signal representing someone speaking but it wouldn't be easily understood. We would have to study the patterns to see how the different shapes represent different sounds. Once we have analyzed these shapes to determine the sounds they represent, we could "read" the information.

A2.2.1.5. (U) Fifth, compromising emanations must disclose the information being processed. If our analysis cannot make sense of the intercepted signals, they are not compromising. They have to contain the intended information and, in our case, that information must be classified national security information.

A2.2.2. (U) How Are Compromising Emanations Generated?

A2.2.2.1. (U) We will use a computer as an example in the following explanation but there is no intent to describe how a computer works. To present the basic idea of computers, they sort of operate in the following manner. As information is processed in a computer, clock signals determine when things happen, gate signals determine what circuits are activated, and shift signals determine what information is moved. At the appropriate time, information is moved from one register to another through some logic circuit that adds or subtracts.

A2.2.2.2. (U) Most computers are digital which means circuits turn on and off. This means circuits go from one state (usually represented by a voltage potential, like 5 volts) to another state (a different voltage potential, like 0 volts). If these changes were sine waves, there would be no problem because sine waves are natural; occurring in nature in many forms. What does not occur in nature are straight lines. Digital signals are straight lines. Nature also resists change. Everything is fine as long as states do not change or, if states do change, it is done slowly.

A2.2.2.3. (U) If we were to represent the state of a circuit with a drawn line, it would be straight, showing no change. See Figure A2.1. Then, along comes a signal that causes the circuit to change state. The line makes a 90-degree turn and proceeds to the other state where it makes another 90-degree turn, continuing in the same direction as before but at the new level. If we were to watch this line with respect to time, we would see the line "jump" from one level to the other very quickly. (A note of interest here: the faster the change, the faster the computer can operate, and the faster we can process information.)

Figure A2.1. State Change in an Electronic Circuit.
[Not in original]

A2.2.2.4. (U) Now, the energy required to shift from one state to another in a short time is many times more (perhaps thousands) than the energy required to stay at that state. This sudden flux of energy has to be dissipated somehow. Some of it is used in maintaining the new state (maybe 1 percent), some of it is changed into heat (maybe 4 percent), and some of it is given off in the form of an electrical signal (maybe 90 percent). The electrical signal given off is often referred to as noise but not all noise signals are compromising emanations. If we can detect this electrical signal, correlate it to the information being processed, and, if the information is classified national security information, then it is a compromising emanation. (A note of interest here: the faster the change, the more energy required to make the change, and the stronger the emanation.)

A2.2.3. (U) What Are The Sources of Compromising Emanations?

A2.2.3.1. (U) Functional Sources. At an elemental level, functional sources are those devices designed for the specific purpose of generating electromagnetic energy. Examples are: discrete circuit things like switching transistors, oscillators, signal generators, synchronizers, line drivers, and line relays.

A2.2.3.2. (U) Incidental Sources. On a higher level, incidental sources are those devices not designed for the specific purpose of generating electromagnetic energy but may generate energy incidental to its normal operation. The sources include electro-mechanical and electronic equipment and systems used to process classified national security information, including communications equipment, recording and duplicating equipment, and automatic data processing equipment.

A2.2.3.3. (U) Installation Sources. Any circuit processing classified national security information may produce compromising emanations. The interrelationship of components, equipment interface characteristics, lengths and locations of interconnecting signal and control lines, and methods of grounding each unit within the system could cause compromising emanations. Therefore, installations using equipment that individually do not present an EMSEC problem could serve as sources of compromising emanations.

A2.2.3.4. (U) Design Sources. The generation of some types of compromising emanations has increased as a result of the trend toward compactness. This trend has forced conductors, components, and circuits into such proximity that coupling between secure and non-secure segments is unavoidable. The use of the same circuitry for more than one function, and the same circuit board for two or more operations, has also created problems. Also, since digital signals are basically square waves, they are rich in harmonic frequencies. The magnitude of the harmonic frequencies is affected by the transition time from high-to-low (or mark-to-space, or one-to-zero) and vice versa. Consequently, the use of faster data rates produces compromising emanations that are both stronger and more broad band in nature.

A2.2.4. (U) What Do Compromising Emanations Look Like? Due to the many ways that equipment processes information, there are many ways to generate compromising emanations and these different ways produce different forms of compromising emanations. The more common forms of compromising emanations are attenuate baseband signals, spurious carriers modulated by baseband signals and impulsive emanations.

A2.2.4.1. (U) Baseband Signals. The baseband signal in attenuated, but otherwise unaltered form, is the compromising emanation most easy to recognize. It is possible to introduce this emanation into electrical conductors connected to circuits (within an equipment) which have an impedance or a power source in common with circuits processing RED baseband signals. Capacitive or inductive coupling can introduce the emanation into an escape medium, especially the radiation of higher frequencies or data rates.

A2.2.4.2. (U) Modulated Spurious Carriers. Modulating a carrier by data generates this type of compromising emanation. The equipment may generate the carrier as a parasitic oscillation; that is, the chopper frequency of a power supply, a clock signal, a clock harmonic, and so forth. The carrier is usually amplitude or angle-modulated by the basic data signal, or a signal related to the basic data signal, which is then radiated into space or coupled into the external conductors of the equipment.

A2.2.4.3. (U) Impulsive Emanations. Very fast mark-to-space and space-to-mark (one-to-zero and zero-to-one or high -to-low and low-to-high) transitions of digital signals generate impulsive emanations and are quite common in equipment processing digital signals. These signals are similar to the bursts of radio-frequency energy emitted by some automobile ignition systems. Impulsive emanations can radiate into space or couple onto external conductors of the equipment.

A2.2.4.4. (U) Other Types of Emanations. Most compromising emanations resemble one of the types mentioned above. There are, however, other possible types of compromising emanations caused by various linear and nonlinear operations occurring in information-processing equipment. We cannot categorize such compromising emanations easily. In practice, these emanations often exhibit features that frequently can be related to one of the three types discussed above.

A2.2.5. (U) How Are Compromising Emanations a Problem? As mentioned above, compromising emanations escape in one of two ways, conducted or radiated.

A2.2.5.1. (U) Conducted Compromising Emanations. Sometimes, compromising emanations run around in the equipment looking for a place to go. Actually, in electronic terms, they are trying to get back to the source. Since compromising emanations are unintentionally produced, the source is hard to find. So, they have a tendency to go where we don't want them to go. All external lines connected to an equipment are designated either RED lines (carry classified national security information) or BLACK lines (don't carry classified national security information). Other typical RED and BLACK lines are power lines, clock lines, control lines, and secondary signal lines. BLACK lines may exit the inspectable space established for the system. RED lines must stay within the controlled access area established for processing classified national security information. RED signal lines also pose the hazard of compromising classified national security information. Just as classified national security information may couple from RED lines to BLACK lines inside an equipment, coupling may also occur outside an equipment.

A2.2.5.2. (U) Radiated Compromising Emanations. Whenever a signal is generated or processed in an equipment, an electromagnetic field is generated. If this electromagnetic field radiates beyond the equipment (as an electromagnetic wave like a radio signal), a two-fold problem is created. First, it is possible to detect the electromagnetic wave outside the inspectable space established for the equipment. Second, the electromagnetic wave may couple onto BLACK lines or other fortuitous conductors located near the RED equipment and exit the inspectable space.

A2.2.5.3. (U) Acoustics. Any mechanical vibration or movement in an equipment that can be correlated to the RED data is an acoustic compromising emanation. The emanations produced by these mechanical movements can propagate as either airborne or structural vibrations. These vibrations generally occur at frequencies below 100 kHz. The general term "acoustics" refers to this phenomenon.

A2.2.5.4. (UC) Power ----- -----. This ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.2.6. (U) Conditions Favorable For Intercept. As an adversary, there are a number of considerations that my superiors will consider before they direct me to make an attempt to intercept your compromising emanations. Your technical security experts use all these considerations to develop your technical security policy and guidance.

A2.2.6.1. (U) Desire for the Information. My superiors have to be interested in your information. Because it is classified, they will probably want it.

A2.2.6.2. (U) Value of the Information. The value of the information you are processing is determined by comparing it to all other information desired.

A2.2.6.3. (U) Availability of Assets. As in all endeavors, the number of people with the training and experience to do what I do and the number of sets of equipment needed to conduct a technical attack with the object of intercepting compromising emanations is limited.

A2.2.6.4. (U) Willing to Take the Risk. Where you are processing classified information is taken into account. There are two parts to this consideration. What is your geographical location and what are the physical security measures surrounding your facility? My superiors are most willing to commit me and my equipment in countries they control and at facilities where you have weak physical security. They are least willing to commit resources in your country or at places you control. In other words, the easier it is for you to discover me, the less willing my superiors are to send me there.

A2.2.7. (U) How Are Compromising Emanations Intercepted? As an adversary, I have a number of ways to intercept your compromising emanations.

A2.2.7.1. (U) Basic Knowledge. There are some things I need to know before I mount an attack.
A2.2.7.1.1. (U) Know The Equipment. The more I know about your equipment, the better and easier I can do my job. My government may have legally (or illegally) purchased the same equipment you are using. We would have tested it to find all its vulnerabilities: the frequencies of the compromising emanations; their bandwidth; how strong they are; which type of emanation they are, like impulsive, fingerprint, or bit density; and an analysis to establish a basis for easier field interpretation of my intercepted signals. However, even without this knowledge, I could still effectively intercept your compromising emanations, analyze them, and learn the classified information; it would take more work and more time.

A2.2.7.1.2. (U) Location. My prime concern is to remain undetected. I need a "safe" place to set up where my comings and goings are not observable or they are innocuous enough not to attract attention. Another concern is based on the strength of the compromising emanations. I need to be within their range.

A2.2.7.1.3. (U) Processing Procedures. Knowing how you process classified information is very helpful. If I know you process from 0900 to 0930, Monday, Wednesday, and Friday, I can do two things. First, it eliminates a lot of analysis of unclassified compromising emanations. You see, I have to analyze every signal I pick up to see what information is being processed. The other thing I can do is to operate more than one intercept facility or switch over to someone else who processes classified information in the afternoon.

A2.2.7.2. (U) Intercepting Radiated Compromising Emanations. This is the safest way to intercept your compromising emanations but not the most reliable. Because radiated compromising emanations are just like radio waves, I would use various antennas, receivers, an oscilloscope or monitor, and a recording device like a tape recorder. By intercepting radio waves, I have no physical connection to the source of compromising emanations. Just as any broadcast station (for example, radio or television) has no idea of who is receiving their signal, you will not know I am receiving your radiated compromising emanations. Consequently, I have a lot of freedom in selecting my location. My first choice of location is one where I could keep my equipment all together in one room. If I cannot, then I can locate the antenna some distance from my receiver and run an antenna wire to the receiver much like the antenna wire from a television antenna on top of a house down to the television set in the family room. It can't be too long or I won't have enough signal for my receiver. Also, I must be careful that my antenna doesn't attract attention; yours and other security conscious Air Force personnel.

A2.2.7.3. (U) Intercepting Conducted Compromising Emanations. This is one of the best intercept methods because it involves connecting directly to a wire that makes my intercept operation very reliable; it is also one of higher risk. One of my best sources are telephone lines. Another is power lines. The telephone (which is not the prime "collector" of compromising emanations in your office; the telephone lines are) on your desk is connected to a telephone line that runs to a block connector somewhere in your building. That block connector connects your telephone line to a line that runs to the telephone central office for switching. In the telephone central office, there are lines that leave the base (for example, Defense Switched Network [DSN] and commercial). Once the telephone line leaves your office, I have access to it depending on the physical controls enforced on your base.

A2.2.7.3.1. (U) If your building is not controlled, I can come in on nights or weekends to make my connections; either to the telephone lines or the power lines. By the way, I can make these connections so they are nearly invisible. Usually, I am very reluctant to do this for two reasons. Either I have to set up my equipment there in the building or I have to remote the signals I've picked up to my equipment set up at a safer location. I can remote the signals with a wire or a small transmitter. Either way, the risk of discovery is very high.

A2.2.7.3.2. (U) The next safest way is make my connections to telephone lines at a manhole somewhere between your building and the central office. I could connect to the power lines on a pole outside your building. Connecting to the power lines outside your building will become more dangerous the farther away from your building I get. The farther away from your building, the closer I get to the generator of the power and the higher the voltage. Either way, I will almost certainly have to remote the signals I pick up to a safer location and my risk of discovery high.

A2.2.7.3.3. (U) The safest place for me to make my connections are off-base where you have no control. The local telephone company doesn't maintain as much physical control over their telephone lines. I just need to be sure that my connection does not attract the attention of the local telephone company by causing a problem for them to fix. The biggest problem I will have will be the strength of the compromising emanations. By the time the signals get to me off-base, they could be too small for me find them; but maybe not. Usually, compromising emanations decrease in strength as they travel down a wire. Sometimes, in large bundles of telephone wires, they do not.

A2.2.7.4. (U) Intercepting Compromising Emanations From Fortuitous Conductors. Almost always, this intercept is limited to your building since fortuitous conductors are steel work, air conditioning and heating ducts, water pipes, and so forth. I would make my attack in the same manner as intercepting conducted compromising emanations except I would not go beyond the building.

A2.2.8. (U) Conclusion. There is one thing you must keep in mind about compromising emanations. They are unintentional which means they are not "cultivated," amplified, or protected; they are accidental. As such, there are no guarantees they will always be there; conversely, there are no guarantees they will not.

A2.3. (U) NONSTOP. The problem defined by NONSTOP is a special case concerning compromising emanations. The method of attack, as we will see, is much different from that for standard compromising emanations.

A2.3.1. (US) What ----- -----? By definition, ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.
A2.3.1.1. (U) Let's look at the definition of NONSTOP as a start in understanding NONSTOP.
A2.3.1.1.1. (U) First, NONSTOP involves compromising emanations. Compromising emanations are defined and discussed in paragraph A2.2.1.

A2.3.1.1.2. (US) Second, ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.1.1.3. (U) Third, NONSTOP is unintentional. This concept is discussed in paragraph A2.2.1.1 and is not different here.

A2.3.1.2. (US) Therefore, ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.2. (U) Transmitting Equipment. The purpose of transmitting equipment is two-fold. One purpose is to modulate a carrier frequency with an information signal so you can pass information from one location to another. The other purpose is to translate the information signal to a higher frequency compatible with a transmitting medium.

A2.3.2.1. (US) Any ----- -----.

A2.3.2.2. (U) Traditional station designs have always placed radio communications (combat net radio, microwave systems, and so forth) away from the classified national security information processing area. It is easy to violate this practice with the pressure of current operational needs and modern equipment technology and capability. With their reduced size and increased capacity and speed, we are using more and more computers and other equipment to process classified national security information in the operational area. At the same time, technology has reduced the size and power consumption of radio communications systems which tends to allow radios in the office environment. However, the need for separation remains.

A2.3.3. (U) Receiving Equipment. The purpose of a receiver is two-fold. One purpose is to select a desired signal. The other purpose is to detect any information on the selected signal and convert to useable form.

A2.3.3.1. (US) Any ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.4. (US) How ----- -----? An ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.4.1. (U) Equipment. As in the intercept operation for compromising emanations from equipment, an adversary will use antennas, receivers, a display device, and a recording device. The intercept operation requires one additional piece of equipment; a special detection system that is very sensitive and very expensive; and there are not very many of them. Also, the technician using this special equipment will require a great deal of training and experience.

A2.3.4.2. (U) The Target. There are different kinds of communications which have different purposes and different operational characteristics that will affect my intercept operation. I will discuss the more important and traditional problem area here.

A2.3.4.2.1. (US) High ----- -----. High ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.4.2.2. (US) Ultra High Frequency ----- -----. UHF ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.4.2.3. (US) Satellite. Most ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.3.4.2.4. (US) Intrabase ----- -----. Although ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.4. (US) HIJACK. By definition, ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----.

A2.4.1. (U) HIJACK:
A2.4.1.1. (U) Involves compromising emanations. Compromising emanations are defined and discussed in paragraph A2.2.1.

A2.4.1.2. (U) Is unintentional. This concept is discussed in paragraph A2.2.1.1 and is not different here.

A2.4.1.3. (U) Is concerned with digital signals. In simplest terms, digital signals are seen in one of two states; referred to as high or low, mark or space, or one or zero. This makes digital signals discrete and very easy to determine the state of the signal. Digital signals are very controlled. When a high, or a mark, or a one occurs, it is always at the same level and it is always the same width. This is done so the signal occupies the least amount of bandwidth which increases the speed of transmission of the information. Therefore, any change in the amplitude or width (time) is easy to detect.

A2.4.2. (US) Modulation ----- -----.

A2.4.2.1. (U) Amplitude Modulation. If the height, or level, of the digital signal is made to vary in some manner, this is called amplitude modulation (sometimes abbreviated AM). One way of doing this is to inject another signal into the line carrying the intended signal. The second signal will add or subtract from the intended signal, making it readable. If the change is large enough to see easily, it usually interferes with the intended communication and is cleaned up in the design and installation stage. However, if the second signal is not large, it may not cause a problem and go undetected.

A2.4.2.2. (U) Time Modulation. This is seen in more than one form. One way is for the output pulse to vary in width. This seen as a fluttering in the trailing edge or leading edge of the pulse. Another way time modulation could appear is for the distance between adjacent pulse to vary making the succeeding pulse, when compared to the preceding pulse, appear to jitter.

A2.4.3. (U) Making the HIJACK Attack.

A2.4.3.1. (U) Location. An adversary does not need to be close to your operation to mount a HIJACK attack; they only need access to the communications lines. These days, many of the "lines" are "spots" in the bandwidth of some form of radio communication (e.g., line-of-sight or satellite) and are quite easy to intercept.

A2.4.3.2. (U) Equipment. As in the intercept operation for compromising emanations, an adversary will use antennas, receivers, a display device, a recording device, and one additional piece of equipment; a special detection system that is very sensitive and very expensive; and there are not very many of them. Also, the technician using this special equipment will require a great deal of training and experience.


Attachment 3

DEFINING THE SCOPE OF THE ASSESSMENTS (U)

A3.1. (U) Introduction. The wing IP office works closely with the user to define the scope of the EMSEC assessments. The wing IP office makes the assessments considering all the information processed (classified and unclassified) and all the equipment used (RED and BLACK). If countermeasures are required, the user applies all the required countermeasures identified by the countermeasures reviews to all the equipment identified within the scope.

A3.2. (U) Defining the Scope. Define the scope on one of four levels; include as much equipment as possible. Caution, other equipment or systems within the area affect the equipment under consideration. Always define SPECAT areas separately as the review and approval process for SPECAT is different.

A3.2.1. (U) The Facility Level. Use the facility level to evaluate large complexes, areas, or groupings of systems and equipment that process classified information. You may describe:
A3.2.1.1. (U) A base, installation, large complex occupying several buildings, whole building such as a headquarters, large portions of a building such as a directorate, or area requiring a higher level of security such as a sensitive compartmented information facility, or

A3.2.1.2. (U) One or more large-scale central processors that support numerous users located remotely from the central processor in other rooms or other buildings, or

A3.2.1.3. (U) Several systems and individual pieces of equipment in a large complex such as a headquarters building, directorate, division, or unit which uses more than one system as a facility.

A3.2.1.4. (U) Any network.

A3.2.2. (U) The System Level. Use the system level when there are clusters of equipment or systems that process classified information. A system may consist of several pieces of equipment to support several users simultaneously. An office information system is a good example. Another way is to group equipment together. There are several ways to group equipment for the purpose of using this level to define the scope. You may describe:

A3.2.2.1. (U) Items that are electrically interconnected, such as an office information system, a local area network (LAN), or a large computer system with central processing unit, disk and tape drives, printers, and remote terminals, or

A3.2.2.2. (U) All the equipment in a room or group of rooms such as typewriters, memorywriters, stand-alone personal computers, and office information systems as a system.

A3.2.3. (U) The Equipment Level.

A3.2.3.1. (U) If classified information is processed on a single piece of equipment, then defining the scope is an easy process. Identifying the equipment and the location is all that is necessary.

A3.2.3.2. (U) Use this level of defining the scope where there are two or more individual pieces of equipment located in a building but are not located close enough to affect one another. In this case, assess each item of equipment independently and define the scope for each one.

A3.2.3.3. (U) To ensure this independence, for each piece of equipment being assessed separately, the other equipment must be far enough away so that the countermeasures identified by the countermeasures reviews for each item of equipment does not impact on the others. If the individual pieces of equipment are too close to achieve the independence required, then use the system level or facility level and include all the equipment under consideration in the scope.

A3.2.4. (U) The Acquisition Level. Determine EMSEC requirements early in the acquisition process. The later EMSEC requirements are identified, the more costly they are to incorporate. Also, the imposition of EMSEC requirements later in the program could affect configuration, performance, cost, and schedule.

A3.2.4.1. (U) It is recognized that early determination of EMSEC requirements is difficult. Specific information needed for accurate EMSEC assessments is not always available.
A3.2.4.1.1. (U) There may be many locations using the equipment. It is not cost effective to specify the EMSEC requirements for all the units of the acquisition based on a worst-case scenario.

A3.2.4.1.2. (U) In the early stages of acquisition, it is next to impossible to get physical protection data since the exact location of where the equipment will be positioned at the operating locations is not known.

A3.2.4.1.3. (U) The most cost effective approach is to specify EMSEC requirements that would be effective for most of the locations. Those few locations that require more protection will employ more countermeasures or even shielded enclosures. Include the cost of these additional countermeasures in the program and fund them. Base this decision on a cost or feasibility study similar to the one used to justify TEMPEST-certified equipment or shielding described in AFSSM 7011.

A3.2.4.2. (U) EMSEC requirements when acquiring systems are met in two stages:

A3.2.4.2.1. (U) Identify the general requirements for development and production. In this case, the requirements are aimed at the equipment itself. These requirements are part of the contract.

A3.2.4.2.2. (U) Upon delivery or deployment, at each specific location where the system is used, make EMSEC assessments to determine location-sensitive EMSEC countermeasures.


Attachment 4

SENSITIVE AREAS WITHIN THE UNITED STATES (U)

A4.1. (UC) Countries ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- missions.

A4.2. (UC) Technical ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- missions.

A4.3. (UC) The following ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- List.

A4.4. (U) Do not use this listing except as directed by this instruction.


Attachment 5

DOCUMENTING THE EMSEC ASSESSMENTS (U)

A5.1. (U) The following figure provides an example of how to complete AFCOMSEC Form 7001 (Front).

Figure A5.1. (UC) Sample Completed EMSEC Assessments Documentation (U).

CONFIDENTIAL

PART I. (U) EMISSION SECURITY ASSESSMENTS Classified by: DIRNSA (National Manager NTAISS) Declassify: Ten years from Date of Classification 30 Mar 08

1. (U) Equipment, System, or Facility: Unisys Desktop-III, Unisys Desktop-III external removable hard disk, Unisys Desktop-III laser printer

2. (U) Location: HQ AFCA/GCIS Office, Bldg 1700, Room 2040, Scott AFB IL

3. (U) Emission Security Assessments Summary.

a. (U) Classification Level: b. (U) Volume: 40 hours/week % c. (U) Geographic Location:

(U) UNCLASSIFIED (U) UNCLASSIFIED 95 (U) CONUS

(U) CONFIDENTIAL (U) CONFIDENTIAL 3 (C) OCONUS, Low Threat

(U) SECRET X (U) SECRET 2 (C) OCONUS, Medium Threat

(U) TOP SECRET (U) TOP SECRET (C) OCONUS, High Threat

4. (U) Emission Security Assessments Results.

a. (U) Control of Compromising Emanations: b. (U) NONSTOP: c. (U) HIJACK:

(C) No Control of Compromising Emanations Required. (C) No NONSTOP Countermeasures Required. (U) No HIJACK Countermeasures Required. X

(C) Control of Compromising Emanations Required. (C) NONSTOP Countermeasures Required. (U) HIJACK Countermeasures Required.

PART II (U) EMISSION SECURITY COUNTERMEASURES REVIEWS

5. (C) Requirements: (U) NONSTOP Precautions. (Continued in block 10) EXAMPLE

6. (U) Authentication and Acknowledgement.

Typed or Printed Name, Organization, Phone Number, and Signature. a. (U) IP Office: Ron Drumm, AFCTTA, 576-2498 b. (U) User: Dwight Bohl, HQ AFCA/GCIS, 576-2828 c. (U) Date: 30 Mar 98

7. (U) Tracking and Address Information.

Tracking Number: E-mail Address: Message Address: Mailing Address:

8. (U) CTTA Validation Received. E-Mail. Message. Letter. Date/Time/Group or Date:

9. (U) Emission Security Certification.

Typed or Printed Name, Organization, Phone Number , and Signature. a. (U) IP Office: Ron Drumm, AFCTTA, 576-2498 b. (U) Signature: c. (U) Date: 30 Mar 98

AFCOMSEC FORM 7001, FEB 98 (EF-V1)

CONFIDENTIAL

Figure A5.1. (UC) Continued. (Reverse) (U).

CONFIDENTIAL

10. (C) Continuation (Continued from block 5) (U) Do not use hand-held radios within 10 meters of RED equipment until contacting the IP office. This does not apply to short term visitors, only to assigned workers. (5.5.3) (U) Do not use beepers or pagers within 10 meters of RED equipment until contacting the IP office. This does not apply to short term visitors, only to assigned workers. (5.5.4) (U) Do not use cellular telephones within 10 meters of RED equipment until contacting the IP office. This does not apply to short term visitors, only to assigned workers. (5.5.6) (U) Do not use cordless telephones within 10 meters of RED equipment until contacting the IP office. (5.5.7) (UC) Control of Compromising Emanations. ----- ----- Required (UC) NONSTOP Countermeasures. ----- ----- Required (U) HIJACK Countermeasures. Not Applicable. EXAMPLE

AFCOMSEC FORM 7001, FEB 98 (EF-V1)

CONFIDENTIAL


[End]

Conversion to HTML by Cryptome.