Upload File

preserving information security at data centres · applications, mpe’s emi, emp and tempest...

  • Home
  • Documents
  • Preserving information security at data centres · applications, MPE’s EMI, EMP and TEMPEST filters apply the most liberal design margins to ensure maximum in-service reliability
1
T he TEMPEST threat to information security was first recognised by the US National Security Agency (NSA) and GCHQ in the 1960s. Governments, armed forces, municipal authorities and companies now share this concern that electrical and electronic equipment such as computers and peripherals give off unintended electromagnetic emanations which can then be reconstructed beyond the building boundary as intelligible data. Countermeasures are aimed at preventing eavesdropping on data radiated as signals via conducting lines such as power, telephone or control line cables. The evidence is that TEMPEST countermeasures are becoming as important for information security in the civilian world as in the military arena. Examples of sites at risk would be Western embassies in hostile parts of the world, and data centres handling sensitive personal and financial information, where power line cables are vulnerable to electronic eavesdropping. Confidential data – or devices containing or processing such data – are usually referred to as “red”. This implies merely that you don’t want the data to escape. Conversely, non-confidential data and equipment are termed “black”. Sensitive or classified data that has been suitably encrypted is also regarded as black. A device processing red data, yet incorporating adequate protection to contain emissions, can be black too. Meanwhile a cable carrying black data that passes close to red equipment, and thus has the potential to pick up red data, can be considered red. Where a cable has to pass through a red/black boundary, a filter can be inserted as an intended countermeasure to filter out all frequencies except the desired signal. It is normally a low-pass filter that blocks everything above a given frequency, on the basis that any parasitic red signal is likely to be of high frequency. This solution has obvious limitations, since any parasitic signals within the passband will still get through, and a low- pass filter cannot be used if the desired signal is itself of high frequency. A proper TEMPEST-grade filter must also prevent bypass coupling, where a radiated red signal bypasses the filter and couples onto the black side. Paul Currie, the sales and marketing director of MPE, explains: “High-speed information-bearing signals are the ones most likely to couple onto the low impedance, copper power cables trailing through a data centre, and then be most vulnerable to interception beyond the building boundary. Accordingly, to be effective, the electrical filters designed for TEMPEST anti-eavesdropping applications have to perform across the full frequency spectrum to Super High Frequency (SHF) (3GHz to 30GHz), and above. “MPE filters with incorporated feedthrough suppression capacitors do just that. Commercial grade equipment filters, employing two-terminal capacitors and designed for suppression of EMI up to typically 30MHz, will fall into resonance well before the SHF band, and are therefore unsuitable for TEMPEST uses.” MPE offers a comprehensive range of TEMPEST power line filters of alternative performance specifications. These extend from 6A to 16A filters, which might be used to treat individual power inlets, up to 2400A filters for the hardening of a main building power supply. When specifying filters, data centre managers must also take into account the electrical loading that TEMPEST filters will impose on their power supplies. TEMPEST hardening comes at a cost – filters cause leakage currents and power dissipation, and take up space. On the plus side, the installation of TEMPEST filters supports the protection of equipment within the protected area from incoming mains-borne EMI and transients, which could otherwise pass unimpeded and cause damage and disruption to susceptible pieces of equipment. The TEMPEST filters will also contribute to the attenuation of secondary lightning effects not suppressed by primary building lightning protection devices. When electrical filters can combine the multiple benefits of TEMPEST hardening, EMI suppression and transient attenuation, this is known as “integrated hardening”. Now a critical consideration of any data centre manager is that installed TEMPEST filters will be reliable over time. The undiminished long-term performance of installed filters becomes highly significant when most cannot be accessed easily to survey or replace – having been installed deep within building infrastructure. So, having been originally designed to support mission-critical military applications, MPE’s EMI, EMP and TEMPEST filters apply the most liberal design margins to ensure maximum in-service reliability. MPE has also long supplied TEMPEST products which adhere to the onerous specifications of CESG (the Communications Electronics Security Group at GCHQ) and of the US NSA and more recently NATO SDIP-27 Standards. Filters contain reactive and resistive elements which are all at risk of in-service failure. Although the electrical supply may be expected to be fused to cope with the possibility of a filter failing from a short circuit, it is the prospective loss of service that is of most concern to the data centre manager. The filter component at greatest risk of in-service failure is the capacitor. However, filters such as MPE’s incorporating capacitors manufactured from self-healing, high-reliability, metallised plastic film would generally be expected to be fully reliable for the intended lifetime of an installation. MPE manufactures power line filters which support the highest level of TEMPEST hardening, providing low insertion loss performance (dB against frequency in Hz) across the whole spectrum from Very Low Frequency (VLF) to above SHF. Hence the performance of MPE filters comfortably exceeds the industry benchmarks for mains supply applications, which can b as high as 100dB in a frequency range across 10kHz to 10GHz. Housed in electroplated steel cases, TEMPEST filters from MPE are of compact size for easy, flexible, bulkhead or chassis mounting into the rack systems of data centres, and include product options where low earth leakage is critical. www.mpe.co.uk John Parsons of MPE Ltd talks about the dangers of leaking confidential data from data centres and how MPE’s TEMPEST filters can help prevent it John Parsons 28 December 2016/January 2017 Components in Electronics www.cieonline.co.uk Communications Technology 250V AC, 50/60Hz, 16A MPE TEMPEST power line filter for information security at data centres Preserving information security at data centres Typical 5A to 100A MPE TEMPEST power line filters for data centres CIE_Dec-Jan_p28_CIE 06/01/2017 09:32 Page 28

Upload: others

Post on 21-Mar-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Preserving information security at data centres · applications, MPE’s EMI, EMP and TEMPEST filters apply the most liberal design margins to ensure maximum in-service reliability

The TEMPEST threat to informationsecurity was first recognised by theUS National Security Agency (NSA)

and GCHQ in the 1960s. Governments,armed forces, municipal authorities andcompanies now share this concern thatelectrical and electronic equipment such ascomputers and peripherals give offunintended electromagnetic emanationswhich can then be reconstructed beyondthe building boundary as intelligible data.Countermeasures are aimed at

preventing eavesdropping on data radiatedas signals via conducting lines such aspower, telephone or control line cables.

The evidence is that TEMPESTcountermeasures are becoming asimportant for information security in thecivilian world as in the military arena.Examples of sites at risk would beWestern embassies in hostile parts of theworld, and data centres handling sensitivepersonal and financial information, wherepower line cables are vulnerable toelectronic eavesdropping.

Confidential data – or devicescontaining or processing such data – areusually referred to as “red”. This impliesmerely that you don’t want the data toescape. Conversely, non-confidential dataand equipment are termed “black”.Sensitive or classified data that has beensuitably encrypted is also regarded asblack. A device processing red data, yetincorporating adequate protection tocontain emissions, can be black too.Meanwhile a cable carrying black data thatpasses close to red equipment, and thushas the potential to pick up red data, canbe considered red.

Where a cable has to pass through ared/black boundary, a filter can be insertedas an intended countermeasure to filterout all frequencies except the desired

signal. It is normally alow-pass filter that blockseverything above a givenfrequency, on the basisthat any parasitic redsignal is likely to be ofhigh frequency. Thissolution has obviouslimitations, since anyparasitic signals withinthe passband will stillget through, and a low-pass filter cannot beused if the desiredsignal is itself of highfrequency. A properTEMPEST-grade filtermust also preventbypass coupling, wherea radiated red signalbypasses the filter andcouples onto theblack side.

Paul Currie, the salesand marketing directorof MPE, explains:“High-speedinformation-bearingsignals are the ones

most likely to couple onto the lowimpedance, copper power cables trailingthrough a data centre, and then be mostvulnerable to interception beyond thebuilding boundary. Accordingly, to beeffective, the electrical filters designed forTEMPEST anti-eavesdropping applicationshave to perform across the full frequencyspectrum to Super High Frequency (SHF)(3GHz to 30GHz), and above.

“MPE filters with incorporatedfeedthrough suppression capacitors do justthat. Commercial grade equipment filters,employing two-terminal capacitors anddesigned for suppression of EMI up totypically 30MHz, will fall into resonancewell before the SHF band, and aretherefore unsuitable for TEMPEST uses.”

MPE offers a comprehensive range ofTEMPEST power line filters of alternativeperformance specifications. These extendfrom 6A to 16A filters, which might beused to treat individual power inlets, up to2400A filters for the hardening of a mainbuilding power supply. When specifyingfilters, data centre managers must alsotake into account the electrical loadingthat TEMPEST filters will impose on theirpower supplies.

TEMPEST hardening comes at a cost –filters cause leakage currents and powerdissipation, and take up space. On the plusside, the installation of TEMPEST filterssupports the protection of equipmentwithin the protected area from incomingmains-borne EMI and transients, whichcould otherwise pass unimpeded andcause damage and disruption tosusceptible pieces of equipment. TheTEMPEST filters will also contribute to theattenuation of secondary lightning effectsnot suppressed by primary buildinglightning protection devices.

When electrical filters can combine themultiple benefits of TEMPEST hardening,EMI suppression and transient attenuation,this is known as “integrated hardening”.

Now a critical consideration of any datacentre manager is that installed TEMPESTfilters will be reliable over time. The

undiminished long-term performance ofinstalled filters becomes highly significantwhen most cannot be accessed easily tosurvey or replace – having been installeddeep within building infrastructure.

So, having been originally designed tosupport mission-critical militaryapplications, MPE’s EMI, EMP and TEMPESTfilters apply the most liberal design marginsto ensure maximum in-service reliability.MPE has also long supplied TEMPESTproducts which adhere to the onerousspecifications of CESG (theCommunications Electronics SecurityGroup at GCHQ) and of the US NSA andmore recently NATO SDIP-27 Standards.

Filters contain reactive and resistiveelements which are all at risk of in-servicefailure. Although the electrical supply maybe expected to be fused to cope with thepossibility of a filter failing from a shortcircuit, it is the prospective loss of servicethat is of most concern to the data centremanager. The filter component at greatestrisk of in-service failure is the capacitor.However, filters such as MPE’sincorporating capacitors manufacturedfrom self-healing, high-reliability, metallisedplastic film would generally be expected tobe fully reliable for the intended lifetime ofan installation.

MPE manufactures power line filterswhich support the highest level ofTEMPEST hardening, providing lowinsertion loss performance (dB againstfrequency in Hz) across the wholespectrum from Very Low Frequency (VLF)to above SHF. Hence the performance ofMPE filters comfortably exceeds theindustry benchmarks for mains supplyapplications, which can b as high as 100dBin a frequency range across 10kHz to10GHz. Housed in electroplated steelcases, TEMPEST filters from MPE are ofcompact size for easy, flexible, bulkhead orchassis mounting into the rack systems ofdata centres, and include product optionswhere low earth leakage is critical.

www.mpe.co.uk

John Parsons of MPE Ltd talks about the dangers ofleaking confidential data from data centres and howMPE’s TEMPEST filters can help prevent it

John Parsons

28 December 2016/January 2017 Components in Electronics www.cieonline.co.uk

Communications Technology

250V AC, 50/60Hz, 16A MPE TEMPEST power line filter forinformation security at data centres

Preserving informationsecurity at data centres

Typical 5A to 100A MPE TEMPEST power line filters for data centres

CIE_Dec-Jan_p28_CIE 06/01/2017 09:32 Page 28

Tempest Standard

Tempest intro

Tempest 2014

“The Tempest”

CHAPTER 6 EMP AND TEMPEST TESTING REQUIREMENTS 6-1 ... - Misc/EMP/Site-003-Tempest/c-6body.pdf · (2) Dye penetran t test (3) Limited RFI attenuation testing (4) Independence of test

A tempest the tempest- Prospero

Issuu solano tempest sept 3, 2014 by solano tempest

# CED EMP AP EMP NOM EMP NOM CARGO - Imbanaco

‘The Tempest’

The Tempest

ELECTROMAGNETIC PULSE (EMP) AND TEMPEST … · ELECTROMAGNETIC PULSE (EMP) AND TEMPEST PROTECTION FOR FACILITIES ... Bolted joints for metallic shields ... wall flex-joint with and

Revised Annual Employment and Wages January - December ...Jan Emp Feb Emp Mar Emp Apr Emp May Emp Jun Emp Jul Emp Aug Emp Sep Emp Oct Emp Nov Emp Dec Emp Average Monthly Emp Total

TEMPEST Low Emission Controlled Designsurflibrary.org/ses/Tempest/Vol4Facilities.pdf · TEMPEST Site Survey The TEMPEST site survey is intended to evaluate how much protection is

Solano Tempest

O NOVO ESTATUTO NACIONAL DAS MPE’s LEI COMPLEMENTAR 123/06

Tempest Parts

Tempest profile

Tempest Operation Manual - Dave Smith Instruments · Tempest Operation Manual What’s a Tempest? 1 What’s a Tempest? Tempest is a professional drum machine that generates its sounds

Tempest characters

Security What are we talking about? - · PDF fileSecurity What are we ... Tempest system (computer in a fridge) - prevents compromising emission Anti EMP ... Possible attacks (internal)

ELECTROMAGNETIC PULSE (EMP) AND TEMPEST PROTECTION FOR

Comparision between 'A Tempest' and 'The Tempest

Hawker Tempest - Worldmilitair lists/hhhh/tempest.pdf · 2013-06-30 · tempest v ej607 royal air force tempest v ej608 royal air force tempest v ej609 royal air force tempest v ej610

Shakespeares Tempest

Brochura tempest

O NOVO ESTATUTO NACIONAL DAS MPE’s