Why radio frequency shielding is an increasingly important part of SCIF and SAPF security
Unintentional emanations have been a security concern since WWII, but in an increasingly technologically dependent and online world, that concern has multiplied. Radio Frequency (RF) shielding is being included in more SCIF and SAPF construction projects to keep adversaries from taking advantage of signals escaping the facility or sending harmful signals in. In November 2022, the Defense Intelligence Agency (DIA) issued—and quickly rescinded—a memo that declared all SCIFs would be required to have RF shielding on all floors, walls, windows and doors. While that requirement isn’t currently in place, it does indicate an industry shift where RF shielding is becoming a more standard part of all SCIF construction.
So why is this becoming a more standard practice, and what are we protecting our facilities from?
Why Do We Care About RF?
RF is the number of electromagnetic waves released in a second from an electronic device. Every electronic device gives off some of these electromagnetic waves, referred to as unintentional emanations. The study, investigation and mitigation of these compromising emanations is known as TEMPEST.
When shielding a facility against these waves, the Accrediting Official (AO) or end-user group will have a range of frequencies they want to stop from being able to enter or escape the facility. Many of the signals that we want to keep in the facility are at a relatively high frequency, like the emanations from a computer. These higher frequencies are easier to contain than lower frequency signals. These lower frequencies could come from outside the facility, like from satellites, and cause electromagnetic interference (EMI) with facility hardware.
Current Emanation Threats and What We Can Do About Them
One of the major concerns with unintentional emanations is that once they escape the facility, they could be picked up by adversaries. With the right equipment, someone could take a signal emanating from a computer and use it to be able to see everything that is on the screen. Through this, they could steal a significant amount of classified information from a facility that doesn’t have TEMPEST mitigations.
Emanations escaping the facility are not the only security concern. A computer inside a secure space could be contaminated with a virus, and operators outside the space can access the information being processed as well as control the computer without having to enter the space.
Wi-Fi signals can also pose a threat. Adversaries outside the facility could measure the strength of the Wi-Fi signal throughout a building, and since RF signals are absorbed by human bodies, they are able to tell the location of people as they move throughout the space. For those working in the facility, people knowing their exact location in the facility or where they travel for meetings is a serious threat should foes decide to attack.
While the RF-based threats are evolving, our mitigations luckily don’t need to in the same way. The best way to combat any attacks like this is by absorbing or blocking the signals, and those contractors constructing SCIFs achieve that by employing TEMPEST mitigations and lining walls, ceilings and floors with RF foil, adding grounding to pipes and RF shielding to perimeter doors. There are some new products that may help in addressing TEMPEST concerns, such as concrete and paint with RF shielding built in.
It’s likely that TEMPEST mitigations will continue to be a commonplace part of SCIF construction going forward to combat current and arising threats. If you need help in adding RF shielding to your secure facility, Adamo can help. Whether you need a team you can trust to build your facility or a technical consultant to help you make sure you’re in compliance, our experts can ensure your facility gets accredited.