|
A Cryptome DVD is offered by Cryptome. Donate $25 for a DVD of the Cryptome 10+-years archives of 39,000 files from June 1996 to December 2006 (~4.1 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. Archives include all files of cryptome.org, cryptome2.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org. Cryptome offers with the Cryptome DVD an INSCOM DVD of about 18,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985. No additional contribution required -- $25 for both. The DVDs will be sent anywhere worldwide without extra cost. |
21 April 2007
James Atkinson testimony Amendment 1: http://cryptome.org/cg-unmet.htm
James Atkinson testimony Amendment 2: http://cryptome.org/cg-ugly.htm
Michael DeKort on Coast Guard TEMPEST Leakage: http://cryptome.org/cg-leakage2.htm
Date: Fri, 20 Apr 2007 16:57:11 -0400
To: John Young <jya[at]cryptome.net>
From: "James M. Atkinson" <jmatk[at]tscm.com>
Subject: Copy of Partial Written Testimony
Granite Island Group
127 Eastern Avenue, #291
Gloucester, MA 01931
James M.
Atkinson
http://www.tscm.com/
jmatk[at]tscm.com
(978) 546-3803
Testimony of
James M. Atkinson
President and Sr. Engineer
Granite Island Group
Before the
House Committee on Transportation and Infrastructure
U.S. Coast Guard Budget and Oversight Hearing
April 18, 2007
My name is James M. Atkinson, and I am the
President and Senior Engineer of Granite Island
Group located in Gloucester, MA, which is a small
veteran owned company that since 1987 has
specialized in the field of electronics
engineering. We have special capability involving
the protection of classified, confidential,
privileged, or private information against
technical attack, eavesdropping, or exploitation.
I am responsible for performing visual and
instrumented TSCM (Technical Surveillance Counter
Measure) surveys. This includes the analysis of
all signals present on the airways; evaluation of
telephone lines, computer networks, detection of
computer viruses and Trojan horses, security of
voice and data switching systems, and any
mechanism by which a spy could commit technical
eavesdropping or surveillance against or
exploitation of a target through technical
means. Also included in these responsibilities
are the studies of electromagnetic interference
(EMI), and the study of electromagnetic
compliance (EMC), to include the performance of
visual and instrumented TEMPEST inspections, and
measures to mitigate other technical weaknesses
in communications and computer systems.
I have attended extensive private and government
sponsored TSCM, TEMPEST, cryptographic, technical
intelligence, electronics, and security training
both in the United States and abroad. I have been
involved in many hundreds of TSCM, TEMPEST
inspections, over the past 25 years of government
and private sector assignments. I have been
extensively published on these subject matters,
and have authored materials that have affected national policy.
My clients include major corporations,
heads-of-state, diplomats, government agencies,
defense contractors, hospitals, courthouses,
police stations, banks, universities, publicly
traded companies, private companies,
stockbrokers, ranchers, farmers, fisherman,
accountants, law firms, restaurants, political
leaders, ministers, small businesses, and private individuals.
I believe that I am in the unique position to act
as an independent and disinterested party,
"honest broker", (and Voice of Reason in these
proceedings). I was not involved in the ICGS
Deepwater program in any regard or capacity and
have no ax-to-grind. I am also able clearly
explain highly technical and highly classified
subject matters such as TEMPEST and TSCM to this
committee in an unclassified way that a
non-technical layman can understand. The
documents in this matter are highly technical,
and it takes a TEMPEST and TSCM expert to fully
understand what is in those documents, what they
represent, what they mean, and more importantly
to bring forth the gravity of the situation.
I have also carefully analyzed hundreds of pages
of documents and reports which where provided to
the government by ICGS (the Deepwater contractor)
when the first eight 123 foot cutters were
delivered to the Coast Guard. These documents
were not classified in any way, and were
available to any member of the public by merely
asking the Coast Guard for them. Within these
documents, I discovered that ICGS delivered
seriously defective ships to the government,
which did not comply with TEMPEST standards,
which the government could not use for classified
missions, and which could not be used to store,
process, or transmit classified information.
All of the information contained within this
written testimony, and all information, which is
presented in my oral testimony, is completely unclassified.
TEMPEST Introduction
When a new consumer electronic device such as a
computer, DVD player, blender, electric razor or
other modern electronic marvel is offered for
sale to the public the manufacture has to gain a
special certification or authorization from the
FCC. This process ensures that when the consumer
uses the device that they will not interfere with
other devices in the area. For example, we do not
want a DVD player or blender to accidentally jam
all the TV, and cellular telephones in a
five-block area due to a poor product design.
The FCC (Federal Communications Commission) and
its foreign equivalent have created a series of
formal standards which new equipment is evaluated
against before it is offered for sale to the public.
These new products are taken into a specialized
laboratory, and an engineer completes a
complicated battery of tests. These test results
are then sent to the FCC who then approves or
denies permission for the product to be sold to the public.
When modern electrical devices operate, they
generate electromagnetic fields. Digital
computers, radio equipment, typewriters, and so
on generate massive amounts of electromagnetic
signals, which if properly intercepted and
processed will allow certain amounts of
information to be reconstructed based on these
"compromising emanations". Anything with a
microchip, diode, or transistor, gives off these fields.
Compromising emanations are these unintentional
intelligence-bearing signals, which, if
intercepted and analyzed, potentially disclose
the national security information, transmitted,
received, handled, or otherwise processed by any
information-processing equipment.
These compromising emanation signals can also
escape out of a controlled area through power
line conduction. Other conduction paths can be
air conditioning ductwork, plumbing, wiring, or
by simply radiating a signal into the air (much
like a radio station). These signals can also mix
with or be impressed onto other unclassified
signals, where the eavesdropper merely intercepts
these unclassified signals, and extracts the
classified information riding on top of the unclassified signal.
An excellent example of these compromising
emanations may be found in several modems and fax
machines. When these modems operate, they
generate a very strong electromagnetic field,
which may be intercepted, demodulated, and
monitored with nothing more then a radio that any
member of the public can purchase at Radio Shack,
Best Buy, Wal-Mart, or other retailer of consumer
electronics (which, in some cases, may, or may
not be legal). This is also a very serious
problem with many speakerphone systems used in
executive conference rooms and government
offices. A considerable problem also exists with
many fax machines, computer monitors, external
disc drives, CD-R drives, scanners, printers, and
other high bandwidth or high speed peripherals
and network devices. If an eavesdropper is using
high quality, intercept equipment the signal may
be easily acquired several hundred feet or more
away from the target, although the eavesdropper
would normally be located quite close to the system under surveillance.
In the consumer markets, a slight amount of
signal leakage really does not present a problem
and at most would result in a breach of private
information or disclosure of some corporate
secrets. However, if a computer or other
communications equipment that was processing
classified information has a leak, the results
could be devastating. Soldiers can be killed,
wars can be lost, and nations can fall.
During the early days of telephones, there was a
significant problem where a person talking on one
telephone line could clearly hear a person
talking on another telephone line. This was most
often the results of shoddy workmanship on the
part of the phone installer, but also a result of
using poor quality wiring in the early phone
systems, and having inferior, albeit newly
developed equipment. This problem is called
"cross-talk", where one conversation leaks into a
nearby phone line and can be heard by a third
party to the original conversion between the
original two parties. While this problem can been
drastically limited in modern phone systems it
has by no means been eradicated completely, and
continues to be a problem most often caused by poor quality workmanship.
World War One brought about a method where
soldiers on one side of a battlefield were able
to eavesdrop on their enemies telephone calls.
This allowed them exploit this information to
determine troop movements, and to gain a
significant tactical advantage on the battlefield.
During World War II, both sides of the conflict
exploited signals, which leaked out of each other
aircraft, surface vessels, and submarines. The
Germans were able to detect, and shoot down U.S.
bombers when their radio and navigation systems
were merely turned on, but not actually
transmitting. Submarines where similarly hunted
by listening for this accidental leakage, and to
this day the study and exploitation of this type
of accidental signal leakage has become a staple
of the intelligence and military community.
In the 1950's NATO eavesdroppers in Germany
discovered that classified information could be
derived by monitoring unclassified teletype
circuits. The cause of this was found to be that
the classified and unclassified wiring was
running too close to each other and causing
classified information to bleed onto the
unclassified wiring. What this investigation by
intelligence analysts discovered was that by
monitoring local high power radio stations that
fragments of classified information could be
extracted from the unclassified broadcast
stations from a considerable distance from the
location where the classified information was
being processed. Continued investigation led to a
sub-specialty in the field of electronics
engineering that permitted one side to monitor
the classified efforts of the other side by
merely exploiting unclassified communications
that were passing through the classified area. In
other words unclassified signals opened the door
to the acquiring of classified information.
To deal with this "signal leakage" issue the U.S.
government developed a series of formal, and
extremely rigid engineering standards which lay
out how equipment should be designed, installed,
and maintained to avoid such leakage. These
TEMPEST standards are really nothing more then
several standard civilian engineering measurement
standards and procedures enhanced by the NSA to
make then more rigid and comprehensive then their civilian counterpart.
TEMPEST is an acronym for "Telecommunications
Electronics Material Protected from Emanating
Spurious Transmissions" and includes technical
security countermeasures; standards, and
instrumentation, which prevent (or minimize) the
exploitation of security vulnerabilities by
technical means. Other popular names for TEMPEST
are "Transient Emanations Protected from
Emanating Spurious Transmissions", "Transient
Electromagnetic Pulse Emanation Standard",
"Telecommunications Emission Security Standards",
and several similar variations.
In 1957, the U.S. Government mandated rigid
TEMPEST required for highly classified systems
that were responsible for handling the most
classified secrets of the Cold War and helped to
contain our secrets for the next 20 years until
details of those systems were sold to the
Russians by multiple spies in trusted positions in the U.S. government.
TEMPEST is nothing more then a fancy name for
protecting against technical surveillance or
eavesdropping of UNMODIFIED equipment, (the
unmodified part is important.) TEMPEST and its
associated disciplines involve designing circuits
to minimize the amount of "compromising
emanations" and to apply appropriate shielding,
grounding, and bonding. These disciplines also
include methods of radiation screening, alarms,
isolation circuits/devices, filters, isolation
distances, and similar areas of equipment engineering.
A certified TEMPEST technical authority (CTTA) is
an experienced, technically qualified U.S.
Government employee (not a contractor) who has
met established certification requirements in
accordance with NSA approved criteria and has
been appointed to fulfill CTTA responsibilities.
There is an isolation area just outside of a
classified system where it is less practical to
exploit TEMPEST vulnerabilities. However, other
systems present inside or near this isolation,
area can considerably extend this distance to
well outside the isolation area. This is often
referred to the "zone of control", or "zone of exclusion".
The Equipment Radiation TEMPEST Zone (ERTZ) is a
radius established because of determined or known
equipment radiation TEMPEST characteristics. The
zone includes all space within which a successful
hostile intercept of compromising emanations is
considered possible. This zone can range from a
few yards, to several miles depending on the
nature of the classified information on the
equipment on which it is being processed.
As a spy moves away from a location where
classified information is being processed the
exploitation of accidental leakages becomes
increasingly difficult. There is a specific
classified voltage level called the "Compromising
Emanation Performance Requirement (CEPR). This is
the maximum emanation level permitted at the
standard measurement distance during an
instrumented TEMPEST evaluation. When the CEPR is
met, there will be minimal chance that a
compromising emanation will be detected beyond
the specified design radius unless the equipment
has not been properly maintained, or if a
secondary signal provides a carrier for the classified signal.
The point where the compromising emanation
performance requirement (CEPR) applies. For an
electric or magnetic field emanation, the
standard measurement point is one meter from the
equipment under test. For a conducted emanation,
the standard measurement point is the design
radius. This is called the "Standard Measurement
Point," and it represents a distance similar to
that found in civilian EMI and EMC studies.
The goal of the CEPR and ERTZ is to ensure that
the signals emitting from an item of classified
equipment is below -164 dBm at a distance of 1
meter, and ideally below -174 dBm (although
signals below -150 dBm are tricky to measure
during a one week TEMPEST inspection). The
TEMPEST standards are thus based on reducing
signals below these levels, often involving
keeping a cable more then a meter away from
another cable, or keeping high threat device 3 meters away from others.
The delicate point is that the CEPR and ERTZ can
also foster a great sense of false security and a
TEMPEST Zone can completely pass a visual and
instrumented TEMPEST evaluation and yet still be
highly exploited by spies for classified signals and information.
A "TEMPEST zone" is a formally designated area
within a facility where equipment with
appropriate TEMPEST characteristics may be
operated. Once the classified equipment is
installed into this area is meticulously checked
by a CTTA with a formal instrumented and visual
TEMPEST inspection. This zone is commonly called
a "Black Vault", or "Black Room" where classified
equipment is located even though the zone will
contain RED signals, RED equipment, and RED lines
("RED" means the equipment in the "Black Vault"
is classified. This is a common point of
confusion, and as such, a "black room" should be
considered the same as a TEMPEST zone. The
isolation zone is the area immediately
surrounding the "TEMPEST Zone" of Black Vault.
Focus of Study, and Objectives
TEMPEST disciplines typically involve eliminating
or reducing the waveform of signal transients
caused by a communication signal and the
resulting harmonics or mixing of the classified
information with unclassified signals. These
signals and their harmonics could allow the
original classified signal or information to be
reconstructed and analyzed by a spy.
TSCM or Technical Surveillance Countermeasures on
the other hand deals with protecting against
hostile penetrations or manipulations by an
eavesdropper to facilitate the interception and
exploitation of classified, confidential,
privileged, or private information. It is
important to note that TSCM deals with things
that have been manipulated in some way, and
TEMPEST deals with unmodified things.
The mind-set, hypothesis, or base-line of a
TEMPEST inspector is that nothing is there until
you can prove otherwise. Their job is to stop or
limit compromising emanations and the technical
leaks of classified information that are the
results of poor equipment design, installation,
or maintenance. A TSCM inspector on the other
hand always assumes that an eavesdropper is
active or that a bugging device or hostile
manipulation is present until they can
scientifically prove otherwise. TEMPEST assumes a
proactive position on protecting classified
information, whereas TSCM involve the reactive
protection of the same information. Both
disciplines are equally important and should be engaged in a proactive manner.
C4ISR is the fusions of "Command, Control,
Communications, Computers, Intelligence,
Surveillance and Reconnaissance" into a single
operative system to permit a more cohesive flow
of critical information in a battlefield or
tactical arena. The critical components of this
are the core "Command and Control" elements. In a
modern battlefield, the commanders need as much
information available to them, on as rapid as
possible timeline. With this in mind C4ISR draws
together most of the resources on a battleship,
command post, or forward control station directly
into the hands of the people who need it most.
C4ISR system included the missions of gathering,
processing, and transmitting information, the
Command, Control, Communications, Computer,
Intelligence, Surveillance, and Reconnaissance
(C4ISR) facility contains as a minimum ten
distinguishable elements. These are the structure
or housing; electrical power generation and
distribution [both alternating current (ac) and
direct current (dc)]; non-electrical utilities;
heating, ventilation, and air-conditioning
(HVAC); an earth electrode; lightning protection;
communications systems; computer and data
processing systems; control and security systems;
and personnel support systems.
TEMPEST in a TEAPOT and HIJACK Exploits
Between the TEMPEST and TSCM fields of study
there is also an area of our field that deals
with unmodified or quasi-modified equipment and
signals, which interact with each other. This is
the case where in effect a classified signal or
classified information is accidentally impressed
onto an unclassified signal. Thus, the
unclassified signal carrying the classified data
with it is accidentally transmitted a
considerable distance allowing for eavesdropping
by those who should not possess the information.
This is usually the result of TEMPEST standards
not being rigorously followed during equipment
design, installation, and maintenance.
The investigation, study, and control of
intentional compromising emanations from
telecommunications and automated information
systems equipment that was created, provoked, or
induced by a spy is known by the code name of
"TEAPOT". An example of this would be the
positioning of a rack of two way radios need a
secure telephone, or by installing RED cable near
to a BLACK cable. This can also involve
modifications to software, to slight breaches to
the configuration of equipment.
An example of this would be a case where a cable,
which contains only unclassified radar,
navigation, or communications signals, is placed
near a cable, which carries highly classified
information. On a maritime vessel an example of
an unclassified signal would be the VHF marine
radios, the unencrypted HF (shortwave) radio
communication systems, and sections of the radar
and IFF systems. Should any of these cables or
equipment be placed near the classified systems
an eavesdropper could intercept the classified
information that was riding-on-the-back-of the unclassified signals.
Another example of this would be a warship that
downloads classified spy satellite imagery
through the onboard satellite communication
system. The problem is that the installer of the
classified system has not properly installed the
system that creates considerable TEMPEST problems
causing these signals to leak off the ship a
short distance. This is further complicated by
several cables which do not carry classified
information but which pass in close proximity to
the classified cables. Due to the unclassified
cable, perhaps being a high power antenna link
the classified information can now leak out of
the ship and be monitored by spies from dozens,
if not hundreds of miles distant.
Instrumented TEMPEST Inspections
If the instrumented inspection turns up a problem
that was major or serious then they absolutely
would have had to have performed the entire
instrumented inspection again; however, if they
were only very minor problem turned up in the
instrumented inspection the inspector could have
merely pointed out several minor faults and left
it up to a third party to resolve the issue.
If the equipment configuration was materially
changed to correct visual TEMPEST discrepancies,
or equipment or cables were moved in the area
that was inspected then the instrumented TEMPEST
inspection would have had to be repeated again
and again until all discrepancies had been fully cleared.
Given the magnitude of the problems found during
the visual TEMPEST inspections there would have
been material changes in the secure areas, cables
would have to have been re-routed, and physical
and electrical changes would have been made. In
turn, yet another, expensive follow-up instrumented test would be needed.
This is why is it so critical for all visual
discrepancies to be fully resolved before the
instrumented TEMPEST inspection is initiated as
the correction of visual deviancies may render
the prior instrumented inspection of little or no value.
It is a painful issue because with this number of
visual faults it is unlikely that the ship could
have passed the instrumented TEMPEST inspection.
The magnitude and number of the problems with the
TEMPEST on this ship are such that the
instrumented inspection SHOULD have been
re-performed from scratch. The Coast Guard had to
relocate quite a bit of equipment, and re-run
quite a bit of cables and systems to resolve the
massive faults listed in the DD250 (attachment
C), these changes would have create a number of
significant and material changes from what an
instrumented TEMPEST inspection before and after the changes would have seen.
If the initial instrumented TEMPEST inspection
identified only the instrument panel and LAN
intersection weaknesses then there is an even
bigger problem because it should have also picked
up on the faulty ground straps on the racks, the
emissions from the ARC-210 wiring, the signal
leakage from the unshielded cables, and so on. If
you find significant problems on a visual
inspection, you should also pickup on similar
problems in the instrumented measurements as well.
It is best compared to your checkbook where one
column is your credits, and one column is your
debits. If you have a loose grounding cable, it
should show up in the visual inspections, and
then once you begin the instrumented inspection
you should see the same effects of the ground
cable not being hooked up properly. On the other
hand, if the visual inspector was finding
problems at the same time the instrumented
inspector was performing the instrumented
inspections the two events could have been
interfering with each other and resulting in inconsistent results.
In the records of the first four ships there is
mention of an instrumented TEMPEST inspection
being performed, and in all four cases both the
instrumented and visual inspections failed.
In the two OIG reports, I was unable to find any
reference to the PADRE being subjected to a
second instrumented TEMPEST inspection as the
Coast Guard has contended in other documents. If
the PADRE was in fact re-inspected, who did the
inspection, and did they have any links to ICGS,
LM, GD, USCG, SPAWAR, DHS (the bigger question is
that did the agency or contractor who performed
the second instrumented inspection on the PADRE
have any bias, or benefit to the PADRE passing)?
The Coast Guard appears have issued waivers too
many of the TEMPEST requirements, gained IATO,
keyed the C4ISR systems, and then granted ATO.
This causes a problem though, because if they
were granting large numbers of waivers for
TEMPEST the waivers would be a matter of record
on the second PADRE inspection. A USCG TEMPEST
inspector is going to honor the waivers, but any
other independent TEMPEST inspector is going to
instead write up the systems as not being in
compliance with a range of NSA TEMPEST standards and documents.
The NSA requires that the equipment meet TEMPEST
standards of performance before it is allowed to
pass classified information. If the system passes
an instrumented or visual inspection, and the
ship or equipment is modified in a material way
then the instrumented test should be performed
from scratch. In order to correct, the things
found in the visual inspection there would have
been material changes made to the ship.
The method that the OIG report tries to describe
during the TEMPEST inspection is called a
"propagation study" or "walk away study" and is
performed when an instrumented inspector is
unskilled and cannot obtain a solid reading with
his instruments. He will tune a receiver to a
signal of interest and slowly back away from an
area he is examining until the reading drops
below a preset level. This is performed in all
directions around the area being protected, but
is often the best test a technician can perform
if they are limited in equipment, experience, or time on target.
It is in extremely bad form to do this, but often
it is the only way to evaluate how "dangerous" a
TEMPEST problem is. The concern that we run in to
with merely performing a "propagation study" is
that is fosters bad engineering practices, and
can conceal much more serious issues that could be exploited by a spy.
An unclassified example of a similar situation
would be a USB cable between a computer and
printer that is leaking a signal that the TEMPEST
inspector measures to be quite strong 20 feet
away from the cable. The NSA specifications will
mandate that this signal is not a problem so long
at the voltage level drop below a certain level
(we will arbitrarily say -130 dBm to set an
unclassified level), beyond a certain distance
(we will arbitrarily say 70 feet to set an
unclassified level). So if the signal measures
say -35 dBm at 20 feet away, but only -130 dBm at
70 feet away we say that the signal has been
attenuated by 95 dB over a distance of 50 feet.
If the inspector detects the signal radiating
from the USB cable, instead of performing actual
measurements to document the technical parameters
of the fault, the inspector will "back away" with
his test instruments to see if his equipment can
still pick up the signal when he is X feet way
from the cable or equipment be tested.
It is actually better to get as close as
physically possible to something that you are
trying to certify, and to be mere inches away at
the most. This depends on the signal or piece of
equipment that you are trying to measure, but as
a rule you place the test instrument antennas as
close as physically possible, and run a test
cable back a few yards so that the TEMPEST or
TSCM inspector does not pickup the signals from
the equipment he is using to make the
measurements (or even his own wrist watch).
Without disclosing any classified information I
can relate to you that classified (or RED)
equipment should not present a voltage level
greater then -174 dBm at a distance beyond 3
meters. Further, there should never be any signal
that exceeds -50 dBm within 3 meters of any
classified system, but the general rule is to
keep this -50 dBm number actually closer to -135
or even -160 dBm (which is only possible with
modern test equipment, including modern TEMPEST instruments).
It must be further pointed out that skilled
engineer (or spy) equipped with the proper
equipment, and given the appropriate amount of
time can actually find and exploit signals that are far weaker than this.
Within TSCM, TEMPEST, TEAPOT, HIJACK, NONSTOP,
JERICHO, and related disciplines of electronics
engineering we endeavor to correlate signals into
our test equipment. More specifically, we will
synchronize our test equipment to the timing
signals created inside the equipment we are
testing. We will then use this correlated signal
to "gate" our test equipment into initiating a
measurement when a certain signal threshold is
detected, observed, or expected or we will gate
the equipment to a specific time or other event.
An example of this "gating effect" or correlation
would take place in a radio, which uses Frequency
Hopping or Direct Sequence modulation techniques
or waveforms. If we know the technical parameters
of these waveforms in advance, we can program our
TEMPEST test equipment to only perform the
measurement of the equipment under test when the
Frequency Hopping signal is following a certain hopping sequence or pattern.
Another example of this gating effect would be
the timing signals used on a RADAR system or on
an IFF system where the signals appear at fixed
or highly predictable time periods. By only
taking the measurement with the TSCM or TEMPEST
instruments during these "moments of opportunity"
the effectiveness can be increased by several thousand times.
Related to this, if the spy can also determine
the timing or other parameter of an operations
system (such as RADAR, IFF, SATCOM, INMARSAT,
VHF, UHF, etc) the spy can also exploit this
gating effect to enhance his effectiveness by several thousand fold as well.
If a hot, BLACK (unclassified) signal is exposed
to a weaker RED (classified) signal the two
signals will mix and the BLACK (unclassified)
signal will now carry parts of the RED
(classified) signal. In the case of the Bluewater
cutter 500-watt IFF transponder, very high power
RADAR systems, and the strong two-way radio
systems on the ship, even the slightest leakage
in the RED (classified) equipment will cause
mixing with the black equipment signals and thus
a hemorrhage of classified information.
A typical piece of (unclassified) equipment that
would be used for this measurement would be the
DSI-1550-A
(http://www.dynamicsciences.com/client/show_product/33)
and the DSI-9000A, DS-200, DSI-110, R-1580,
R-1250, R-1180, and related equipment made by the
same company. Other companies such as
Electro-Metrics offer products such as the
EM-2100 series, and with Watkins-Johnson, we have
the venerable WJ-8999 Portable EMC/TEMPEST Test
Receivers or WJ-9195 systems, and with other
companies, we have a host of similar products of an unclassified nature.
This equipment is highly specialized test
instruments that are designed to measure
extremely weak signals levels and which can
measure a low level signals that is barely
measurable by other means. This is one of the
many pieces of equipment the instrumented TEMPEST
folks would have used, and they would have used a
wide range of related equipment resulting in
several thousand pounds of equipment being
brought to bear against the ship for these measurements.
The DSI110 for example is capable of making
measurements down to -164 dBm, and by using
signal simulators and converters; the range can
be greatly increased to well within, and below
the Johnson noise floor of -174 dBm. The test
equipment can also be triggered via a direct
connection from the equipment under test to
"gate" the measurement, which further enhances
the sensitivity. This would be combined with high
performance cables, ultra-sensitive low noise
amplifiers, oscilloscopes, computers, cables,
dozens of antennas or probes, and many hundreds,
it not thousands of pounds of support equipment.
Examples of Captured "Compromising Information" of Leakage
[For images see:
http://transportation.house.gov/Media/File/Full%20Committee/20070418PM/James%20Atkinson%20Testimony.pdf ]
Example Test Lay Out
The vast majority of this equipment can be openly
purchased on the market, and surprisingly the
U.S. Government often sells this same equipment
off on a regular basis as scrap or surplus.
There is no reason for the Coast Guard not to
have had this equipment on hand to perform their
own instrumented TEMPEST inspections, and further
no reason for ICGS and/or Lockheed-Martin to have
had this equipment on hand to perform at least
some measure of instrumented inspections prior to
the SPAWAR instrumented inspections.
Red and Black Isolation
A BLACK line, BLACK signal, or BLACK system is
one in which no classified information is
present, and onto which no classified information
can leak or can be manipulated to cause the
leakage of classified information. If a signal of
message is intercepted off of a black system or
line, it will not divulge any classified national
security information if recovered and analyzed by a spy.
RED lines, RED signals, RED components, RED
modules, and RED systems are those, which handle
highly classified national security information.
Should any weakness or flaws of any type in a RED
system take place the results could be
devastating to the national defense as classified
information could be leaked to spies.
RED/BLACK isolation is part of the concept that
electrical and electronic circuits, components,
equipment, and systems. Thus, RED signals which
national security information or unencrypted
language, and unclassified information in
electric signal form (RED) be separated from
those, which handle encrypted or non-national
security information (BLACK). Under this concept,
RED or BLACK terminology is used to clarify
specific criteria relating to, and to
differentiate between such circuits, components,
equipments, systems, etc., and the areas in which they are contained.
Perpetual Vigilance
TEMPEST and TSCM both require extreme attention
to detail, and aggressive, perpetual vigilance.
The slightest flaw in classified equipment
design, installation, or maintenance can be, and
frequently have been exploited by foreign
intelligence agency. Spies aggressively seek out
the technical weaknesses in our ciphering
systems, our classified information systems, our
computers, and our intelligence systems.
When one of our government agencies is asleep at
the wheel, only bad things can happen. When
inspection reports are falsified bad things can
happen. When government agencies start passing
responsibility to other parts of the government
and not owning up to their own inter-agency
responsibilities only bad things can happen. When
the leadership of a government agency ignores
their responsibilities to glad-hand the agencies
contractors only bad things will result. When
there is malfeasance in the leadership of a
military or civilian agency and the government
contractors take advantage of that malfeasance to
gouge the government and provide them with flawed
goods and serves then only bad things can happen.
The men and women of the Coast Guard have a
difficult and critical job to perform on behalf
of the public. They save lives, they defend our
maritime ports, and they perform drug
interdictions, ensure safe maritime transport,
and are responsible for the security of our port
and waterways. The Coast Guard needs solid and
stable ships so that they can engage in a wide
range of mission to defend this country and
ensure the safety of the public. When the safety
and lives of service members of the Coast Guard
is at risk, so is the safety and lives of every member of the public.
Several of the missions of the Coast Guard
requires that it has immediate access to
classified information via a classified network
called SIPRNET, but access to this classified
network and the information must be tempered with
great control and oversight. To maintain this
control and oversight a series of standards have
been developed which first address the actual
hardware through which this network communicates,
and then a second set of standards that dictates
a standard of performance for the software, which
operates on the hardware. TEMPEST standards that
apply to the hardware part of the equation
rigorously dictate the performance characteristic
of all equipment used to engage in classified
communications, which includes all Coast Guard
assets with access to classified systems.
The Coast Guard must be perpetual vigilant not
only in regards to search and rescue missions,
but also must be equally aggressive with
protecting classified information, classified
networks, and classified communications systems.
Much the same way that a minor error during a
Coast Guard search and rescue mission can lead to
the death of someone they have been sent out to
rescue, a seemingly insignificant installation
error, or lack of aggressive oversight of TEMPEST
on a Coast Guard asset can be far more
devastating and can cause suffering and death on
a national level. It can also be something as
simple as a cable not being properly routed, or a
lock washer not being of the correct type, and
mounting bolts not being torque down properly, or
threads on a bolt not being cleaned.
Our foreign adversaries want to steal our
secrets, and they have considerable resources to
facilitate such thefts. Foreign countries are
actively spying on us, and aggressively trying to
steal our secrets. The only defense against this
constant threat is perpetual vigilance, and
aggressive, and pro-active protection of
classified systems. This nation will not survive,
nor will it endure unless we can protect these systems.
DD250 and Acceptance Documents
A DD250 form is a standardized "Material
Inspection and Receiving Report" that a
contractor fills out prior to developing an asset
to the government. On this document, the
contractor lists the prices that the government
will pay for the asset, and will list incidental
charges that they may have incurred such as
charges for special testing, special supplies on so on.
Once an authorized representative (or a group of
representatives) has inspected the asset, the
document is signed on behalf of the government,
the asset is formally accepted, and the
contractor can be paid for the asset, which they
are selling the government, or for the work,
which they performed on the governments' behalf.
It is customary for the DD250, or a document
attached to the DD250 to include a list of all of
the flaws that may have been discovered during
the government inspections, or systems that may
not have been fully functional or installed on
the date that the asset was delivered to the
government. This allows the government to
withhold a reasonable amount of the money that is
due the contractor until after the problem is
resolved or the missing equipment installed.
Attached to the DD250 will usually be some type
of formal document or "Certificate of
Conformance" prepared by the contractor in which
they promise that they complied with all of the
contract requirements, adhered to the
specifications, and providing the asset in the
condition in which the government ordered it.
It is inevitable that a complex asset such as a
ship, submarine, or aircraft will have some minor
issue on the date of acceptance both the
government and the contractor will work together
and endeavor to correct these deviancies so that
the contractor gets fully paid the withheld
funds, and the government has a fully operational
asset. Examples of deviancies would be radios
which do not work, light bulbs that are burned
out, propeller shafts that wobble, cables not
being properly secured, and other issues that are
caused by either shoddy workmanship, defective
materials, or a combination of a lack of oversight or weak project management.
The DD250 will also have as an attachment the
results of specialized testing required by the
government, or specialized certifications, which
are required as, part of the acceptance process.
An example of this is that an asset, which passes
or accesses classified communications networks
must pass a series of classified, tests to
include NONSTOP evaluations, HIJACK studies,
TEMPEST evaluations, and TSCM inspections.
The most basic, and most critical of these tests
which would take place prior to the DD250 being
completed, and the asset being accepted by the
U.S. Government, would be the operational testing
and inspection of all communication equipment,
and the completion of both a physical, visual,
and instrumented TEMPEST inspection. Once the
asset has been accepted and all of the
deficiencies corrected the asset would be fully
transferred into government control and
additional signal testing. This would include,
but not be limited to additional TEMPEST testing,
HIJACK studies, NONSTOP countermeasures, and TSCM
inspections, which are difficult, or impossible
to perform unless the ship or other asset
construction was completely finished and all the
prior problems or discrepancies fully resolved.
At this point the government would authorize the
asset (in this case a ship) to have an IATO or
"Interim Authority to Operate" which means that a
limited amount of classified information or
equipment could be brought onto the asset to
facility further testing, and to initiate
shakedown or seaworthiness testing. An example of
this would be ciphers and codes that would be
needed to permit the radios to pass classified
communications, and to permit classified testing to take place.
Classified testing, or the testing of classified
systems would then be undertaken under the IATO,
and once completed and all problems noted during
the classified testing were resolved the
contractor would receive their funds that had
previously been withheld, and the government
agencies to whom the asset belongs would issue
the Final Authority to Operate or ATO.
The time between the DD250 being signed and the
asset being accepted by the government, and the
final ATO being issued is a major liability for
the government. The longer the duration of this
time the greater the problems are with the asset.
If, for example, the government accepts a ship,
but the ATO is not granted until two years later,
the ship has essentially been sitting unused
while the deviancies where corrected. The length
of this delay is also a key indicator of the
competence of the contractor, and the oversight
and effectiveness of the government contracting office.
My professional opinion for the ideal situation
is for the contractor not be paid the final 30%
of any contract until the asset in delivered in
full (with zero discrepancies or shortages), the
asset is then formally accepted by the
government, testing by the government is fully
completed, and all deviancies resolved by the
contractor to the governments satisfaction in a reasonable amount of time.
Contactors struggle to deliver assets as quickly
as they can, but in so doing, details are other
missed, or standards and contracts are not
complied with. In a rush to complete a
multi-million, or even multi-billion dollar
project the contractor may well cut corners or
falsify test results to get the government to
accept the asset before work is actually complete
and in turn to receive the bulk of the money they
are due for the project. The contractor then
lists the incomplete work on the DD250, and the
government inspectors then document those
additional things, which the contractor failed to
mention. This permits the contractor additional
time to complete the work after the acceptance,
which should have actually been completed PRIOR
to acceptance that sadly, this is a type of soft
procurement fraud on the part of the contractor.
Ships That May Leak Secrets Things
To be very specific, prior to the Coast Guard
taking delivery of the USCG Cutter Matagorda the
USCG TEMPEST Program Manager and the Navy SPAWAR
TEMPEST Authority initiated a visual and
instrumented TEMPEST inspection of the Matagorda.
The cost of this inspection is listed in the
DD250 for this ship on page 2, as line item 55-5 in the amount of $121,000.
On examination of the DD250, in attachment C to
the ICGS Certificate of Conformance, exceptions
listed for incomplete or defective services or equipment were noted in detail.
Examples of the significant number of exceptions
or failures found on the USCG Cutter Matagorda
were engine control cables not working properly,
massive failures of the TEMPEST requirements,
security cameras not being properly mounted,
communications systems being inoperative, power
supplies and wiring being defective and highly
hazardous PVC jacketed wiring being used aboard the ship.
In lieu of resolving some of these problems, the
exceptions (failures) were simply overlooked, and
waivers were granted, not only on the Matagorda,
but on the other ships as well. Instead of
removing the hazardous PVC cables, a waiver was
issued to keep them on board, and thus to recklessly endanger the crew.
Instead of correcting, the TEMPEST failures and
performing a second instrumented inspection the
Coast Guard neglected to perform the second
instrumented inspection that was mentioned in
attachment C, and instead just made token changes
and issued waivers for the rest of the problems.
This pattern of behavior is also seen in the
other ships where follow-up instrumented
inspections were not completed after the first
inspections failed, or the initial instrumented
inspections were never performed at all.
In that case, of one ship (PADRE) a follow-up
instrument TEMPEST inspection was only initiated
after a Department of Homeland Security -
Inspector General Investigation was initiated to
investigate fraud within the contracting and
delivery of these ships. It is unclear as to who
performed the second instrumented TEMPEST
inspection on the PADRE, but it does not appear
that it was a government entity.
TEMPEST Problems within the 123' Deepwater Cutter/Patrol Boat Program
Matagorda (1303)
TEMPEST Inspect: 24-Feb-04 (failed) [Initial Instrumented SPAWAR Sweep]
Delivered: 01-Mar-04
Authority to Operate: 14-Oct-04
TEMPEST Inspect: 19-Dec-04 (failed again, 29 unresolved problems)
Date Entered Service: 07-Sep-05
TEMPEST Inspect: 03-Aug-05 (failed again,
14 significant unresolved problems)
DHS-OIG Report: 11-Aug-06 (Uncovers failures on many systems)
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
Attachment C of the 1st DD250 (Matagorda)
specifies a SPAWAR TEMPEST Instrumented Survey
must be re-performed (this would have been the
SECOND instrumented survey) after the first instrumented inspection failed.
Further, there was absolutely no plan in place
for the TEMPEST element of this project prior to
the acceptance of this ship on 01-Mar-04, and no
plan of action until after the government TEMPEST
inspections failed miserably during the inspection in February of 2004.
However, in the cases of the three ships
delivered after the acceptance of this first ship
the contractor began charging the government
$5,000 to provide a "TEMPEST POA&M", which means
that the government and the contractor had no
plan in place for the first ship, but that such a
plan was put in place after the fact for the second, third, and fourth ships.
The notable issue with the first ship (Matagorda)
is that it was the only ship on which an actual
instrumented TEMPEST inspection was performed
prior to acceptance. The cost in line item 55-5
of the Matagorda DD-250 shows a charge of
$121,000 and reflects that a SPAWAR TEMPEST
inspection team was onsite for 7 days to survey the vessel.
Typically (but not always) this is a 6 man team
with a man hour requirement of 300 to 350 man
hours on site for a vessel of this size and
complexity, plus prepatory time, report writing,
and expenses. The industry standard for a
government or contractor TEMPEST team is $2500
per man-day, plus all expenses, and per diem.
However, the TEMPEST inspection can also be
performed by only 2-3 people if they are highly
skilled and properly equipped, but most U.S.
Government TSCM, TEMPEST teams and CTTA's tend to
be ill equipped, and ill staffed.
A TEMPEST team can also involve several dozen
people, with only 2-3 members actually doing the
work. It is even more disturbing because the
"actual talent" of a TEMPEST team is often just
one person (the CTTA) who is taking the
measurements, then 1-2 extra people to adjust
antennas, switch cables, and twirling knobs, and
then a group who sort of stands behind the scenes
in support functions of the small number of
people who are actually doing the inspection.
It is quite possible for a small team of only two
skilled engineers using the proper equipment to
perform an instrumented TEMPEST inspection of a
vessel of this size and complexity in as little
as 7 days, although most of the work will be
performed by computer controlled test equipment
that merely needs a human to baby sit the
equipment and periodically move a cable or to adjust an antenna.
If in fact, SPAWAR provided a smaller two man
instrumented inspection team (or even a single
engineer) the expense of $121,000 is extremely
excessive and should have been about a quarter of this amount, or less.
There needs to be a detailed break down of the
charges for the initial $121,000 that was spent
on the 7-day TEMPEST inspection. For example, how
much was spent of travel, how much on freight,
how much for actual on-site measurements, how
much was spent off site, how much time was a
spent writing report, and so on. All of this
information is totally unclassified, but it will
help to prove/disprove that the instrumented
tests were falsified or not. For example, if the
SPAWAR CTTA came out from San Diego there would
be a charge for his and his teams airplane
ticket, and there would be freight charges for
shipping his (several tons) of equipment out to the shipyard.
The delicate issue here is that the Coast Guard
did the visual TEMPEST inspection, but the
instrumented TEMPEST team was from SPAWAR (Navy),
and it was the Coast Guard TEMPEST program
manager who found the various serious visual
TEMPEST compliance problems and who performed the
VTI (Visual Tempest Inspection). We see that the
USCG inspector was performing a 3-day visual
inspection during the same time that the
instrumented inspection by SPAWAR was being
performed, which is highly irregular.
If the Coast Guard TEMPEST program manager were
not capable of performing the instrumented
TEMPEST inspection without the assistance of
SPAWAR, then he would have been unqualified to
perform the visual inspection as well, and
certainly not qualified to issue waivers in regards to TEMPEST matters.
Normally a visual inspection will be performed
well in advance of the instrumented inspection is
started, not performed at the same time. In fact,
the USCG TEMPEST program manager should have made
a number of inspections of the ship several times
during the build-out months before the acceptance
date, and would have visited the ship during the
final instrumented TEMPEST inspection
(pre-acceptance). Further, the USCG TEMPEST
program manager would have been on hand from the
time the very first designs for the ship came off
the drawing board, and would have inspected the
ship dozens of times while it was being built out.
On review of the initial blueprints for this
ship, and ships that followed it the Coast Guard
program manager would also have discovered
several glaring design flaws in that way that
racks and panel had been located, and would have
discovered that the certain systems were not
being properly isolated from other systems.
Should the USCG TEMPEST Manager have actually
inspected the wiring, shielding, bonding,
grounding, and other systems during the build out
many of the TEMPEST problems would have been
identified and corrected well before the SPAWAR
TEMPEST instrumented testing. The program
manager's periodic visits and implementation of
the immediate corrective measures may have slowed
the production cycle down a bit, but there would
not have been such a huge number of flaws
detected during the instrumented inspection, and
what appears to be a fairly ugly failure of both
the visual and the instrumented inspection.
As a result of the TEMPEST program manager, not
performing these periodic inspections the
contractor was paid for incomplete and defective
work, and the ship failed its first instrumented
TEMPEST inspection. As there was no plan of
action and milestones laid out in advance for
this project, there could not have been an
implementation of a plan that did not exist.
This serious bungling of the scheduling of the
TEMPEST inspections appears to be a trend that
was following into the other ships as well, and
not a situation isolated to just this first ship.
Towards the end of the Matagorda's DD250
documents, it states "TEMPEST re-inspections will
not be required if Matagorda's C4ISR
configuration is the same as the 123 class vessel
tested in Step 2". Sadly, the TEMPEST inspector
appears to be saying that if all of the flaws
found are resolved that they do no need to come
back in for another (expensive) instrumented
re-inspection. Nevertheless, this is a serious
problem because if you fail a visual or
instrumented TEMPEST inspection due to equipment
not being installed correctly, you have to
correct the error, and then completely repeat the
entire TEMPEST inspection. Now if the equipment
does not change, then there is no reason to
repeat the TEMPEST inspection as the results will
be the same as the original inspection. The
document also contradicts itself in also stating
that the instrumented TEMPEST survey needed to be repeated by SPAWAR.
This is an example of the "double speak" that was
observed throughout the Coast Guard documents on
this matter. For example, the TEMPEST inspector
is saying that you must repair several problems,
but that the TEMPEST inspection does not need to
be repeated so long as the equipment is
unchanged. If the equipment is in fact modified
(by so much as a single wire) then the whole
inspection has to be performed again. So, the
TEMPEST inspection team is telling the Coast
Guard to go away and stop bothering them, but
they are couching their wording in such a way so
as not to tip off USCG leadership as to the
severity of the problem, or in other words, they
are using "double speak" to conceal a very
dangerous and very significant problem.
The DD250 for this ship further conflicts with
itself where a second instrumented TEMPEST
inspection was ordered to be performed by SPAWAR,
but there is no record that this second
inspection ever took place, and records created
since the government accepted this ship indicate
that to second instrumented inspect has yet taken place.
It is my professional that the MATAGORDA was not
capable of passing both a visual and instrumented
inspection, and that the failures of the tests
meant that it could not get IATO. So they fixed
a few things, and it failed the TEMPEST
inspections yet a second time, so they issued
waivers, and ram-rodded the IATO (illegally),
loaded up classified information (illegally),
performed classified testifying (illegally), the
then got full ATO (illegally), and continued to
operate (illegally) until pulled out of service due to hull cracks.
The MATAGORDA had TEMPEST waivers for any visual
discrepancies that were not corrected. There was
not a re-test. MATAGORDA Visual TEMPEST
Inspection (VTI) was conducted 19-21 February
2004 and produced a list of discrepancies. The
Instrumented TEMPEST Survey (ITS) for USCG Cutter
MATAGORDA was conducted 18 to 24 February 2004
and the result of the survey is classified SECRET.
MATAGORDA was first given Interim Authority to
Operate (IATO) on 14 October 2004 and Authority
to Operate (ATO) on 19 January 2005. (Note: IATO
followed the COMOPTEVFOR Operational Analysis
Assessment (OAA) by approximately 3 weeks.) IATO
or ATO cannot be granted if there are any
compromising emanations. Specific results cannot
be discussed as they are documented in the
classified instrumented survey report.
In October 2004, when IATO was granted, MATAGORDA
had outstanding discrepancies from her
VTI. Visual inspection discrepancies may be
waived if, in fact, there are no compromising
emanations noted by the ITS. The Secure
Electrical Information Processing System was
again inspected by Mr. Ronald T. Porter of the
Coast Guard Telecommunications and Information Command on 19 December 2004.
The Coast Guard 123 WPB class TEMPEST waivers
were established by TISCOM on 12 July 2005.
(TISCOM Memorandum 2241). An example of a waiver
was for an unclassified radio located within 3
meters of classified servers. This was
identified as a discrepancy during visual
inspection. The waiver is appropriate since a
WPB is a small ship and does not have a large
communications room or combat information center
(as you would find on a Navy ship or larger Coast
Guard cutter) - the size of the communications
room on a WPB-123 is only approximately 3 meters
by 2.5 meters. This physical size makes it
impractical to provide the 3-meter
separation. The TEMPEST instrumented survey
results were sufficient so the visual inspection
discrepancy should be (and was) waived.
The only reason that the ships "passed" and got
ATO is that all of the serious problems got
waivered, but not actually corrected.
It is all about smoke, mirrors, and misdirection.
Metompkin (1325)
Delivered: 13-May-04
TEMPEST Inspect: 04-Aug-04 (one unresolved problem)
Date Entered Service: 03-Mar-05 (began service before being issued ATO)
Authority to Operate: 06-Apr-05
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
Attachment D of the 2nd DD250 (Metompkin)
mentions that a SPAWAR instrumented inspection
was performed, but there is no mention that
SPAWAR specifically had to perform the future
instrumented inspections, nor is it mentioned
that additional instrumented inspections would be required.
It also appears that there is a falsified
documents listed as Attachment D on this DD250,
where there appears to be a claim that
instrumented TEMPEST inspections took place when
there is evidence in other documents that these
inspections did not take place. Records appear to
have been either falsified the doctored.
The acceptance date was just over two months
after the Matagorda and there does not appear to
be a charge on the DD250 for an instrumented
inspection, but there is a charge of $5,000 to
prepare a TEMPEST "Plan of Action and Mile
Stones" of POA&M, plus a charge of $3,000 for the
"classified testing" which would actually have
been the preparation of a POA&M for the TEMPEST
and classified testing, not the actual testing itself.
Further, into the TEMPEST issues resolution and
classified testing segment of the Metompkin there
are comments that would lead someone reading the
report to suspect that an instrumented inspection
was performed, but since there is no charge for
such an inspection on the DD250 the instrumented
inspection may have been falsified after the
massive failure of the first ship. Since the
Visual and Instrumented TEMPEST inspection both
failed, the "classified testing" could not take
place as ciphering or keying materials (KEYMAT)
could not be loaded into a suspect system that
was or could be leaking classified information.
The "TEMPEST visual inspection" of the Metompkin
was performed independent of an instrumented
inspection (as it should be), but the charges for
an instrumented inspection does not appear on the
DD250 for this ship, and as such it is likely
that no such instrumented survey ever actually took place.
On Metompkin there is an $8000 holdback to
resolve the major three TEMPEST problems.
However, if the cost of making these repairs
exceeds the held back money (which it does) it is
common for the contractor to merely absorb the
$8,000 as a loss instead of throwing good money
after bad. This means that the USCG would have to
pay the many thousands of dollars to resolve the
problems, and merely not pay the contract to held
back $8,000 as liquidated damages.
Unless a documents can be found the specifically
states that all of the visual and cabling items
were resolved, that it passed a second visual AND
instrumented inspection you should assume that
the ships leak secrets, and you should assume
that the original TEMPEST inspections were either
falsified or the records doctored.
The Metompkin does not appear to have had an
instrumented TEMPEST inspection performed, but
does appear to have had a visual inspection
performed. This would have been in-line with
SPAWAR CTTA possibly rebuking the USCG TEMPEST
Program Manager over wasting their time for not
having completed a visual TEMPEST inspection
completed prior to scheduling an instrumented inspection.
Most, but not all TEMPEST and TSCM specialists
tends to be extraordinarily attentive to even the
slightest technical details, and are absolutely
obsessed with following rigid rules and
guidelines for these kinds of inspections, and
keeping a tight hold to the technical
specifications and guidance under which they
operate. The technicians and engineers in these
professions recognize the gravity of that they
are trying to protect, and the grave consequences
of equipment that leaks secrets.
On the Metompkin, the DD250 bill in incomplete.
The question that needs to be resolved is the
possibility that the charge for the instrumented
was not individually noted -- but the holdback of
$8000 was noted (pending correction of the
deficiencies noted in the instrumented inspection).
In the Navy OAA II document dated 27-Apr-2005, on
page 2 of the chart (item 1.4), second square
down on the right-hand side, there is a
description of on-going problems with the LTP
(local tactical picture) and COP (common
operational picture, to the extent that the
system was not yet approved for classified
communications and could not be used for actual operations.
The Navy OAA II report further details in line
item 1.11 (page 4) that the cutter was unable to
pass TEMPEST testing and that as a result it was
unable to obtain access to classified or sensitive information.
I have very carefully studied the documents
received to date, and in my opinion, the faults
found on the visual inspection are truly
appalling. The contractor must know that they
cannot offer this kind of shoddy workmanship on a
U.S. Government asset. For example, the placing
of the IFF cable into the same area as the
classified data lines could have resulted in a
massive breach of classified materials as the
signals from this IFF cable would have mixed with
the classified signals and carried them quite
some distance from the ship. Had this not been
caught by the visual TEMPEST Inspection it could
have results in an enormous leak of highly
classified information that would have affected
not only this ship, but also all ships, and all aircraft in the U.S. Inventory.
The contractor who performed all of this work,
and the Coast Guard people responsible for the
pre-acceptance inspections (pre instrumented
TEMPEST inspections) are grossly at fault here,
and their careless disregard for the protection
of classified information presents a serious
liability to our national security.
Padre (1328)
Delivered: 24-Jun-04
TEMPEST Inspect: 28-Jan-05 (failed, 11 unresolved problems or "waives")
Authority to Operate: 22-Jun-05
Date Entered Service: 22-Mar-05 (began service before being issued ATO)
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
The "TEMPEST visual inspection" of the Padre was
performed independent of an instrumented
inspection (as it should be), but the charges for
an instrumented inspection does not appear on the DD250 for this ship.
There also appear to be only a single visual
inspection of the PADRE that took place just
prior to the acceptance, and not a series of
inspections at specific milestones along the build out.
Attachment D of the 3rd DD250 (Padre) mentions
that a SPAWAR instrumented inspection was
performed, but there is no mention that SPAWAR
specifically had to perform the future
instrumented inspections, nor is it mentioned
that additional instrumented inspections would be required.
It also appears that there is a falsified
documents listed as Attachment D on this DD250,
where there appears to be claims that the
instrumented TEMPEST inspections took place when
there is every evidence found in other documents,
that these inspections did not take place but
were instead either falsified or the record doctored.
This ship also entered service before is had been
granted an official Authority to Operate, which
indicates that the ship may have had classified
materials on board and was passing classified
traffic and connecting to classified networks,
but that it was not legal for it to have such access.
Further this ship was later the subject of an
Inspector Generals investigation, and was
submitted for its first instrumented TEMPEST
inspection, but there seems to be some confusions
to the issue of a fully instrumented inspection
taking place by an independent inspector, or if
the instrumented inspection was hindered by
waivers that permitted an otherwise defective
ship to pass the inspection, but still to be leaking classified information.
Attu (1317)
Delivered: 02-Aug-04
Authority to Operate: 14-Oct-04
Date Entered Service: 12-May-05
TEMPEST Inspect: 03-Aug-05 (failed, 15 unresolved problems)
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
The "TEMPEST visual inspection" of the Attu was
performed independent of an instrumented
inspection (as it should be), but the charges for
the instrumented inspection does not appear on the DD250 for this ship.
Attachment C of the 4th DD250 (Attu) mentions
that a SPAWAR instrumented inspection was
performed, but there is no mention that SPAWAR
specifically had to perform the future
instrumented inspections, nor is it mentioned
that additional instrumented inspections would be required.
It also appears that there is a falsified
documents listed as Attachment D on this DD250,
where their appears to be claims that an
instrumented TEMPEST inspection took place when
there is evidence in other documents that these
inspections did not take place but were instead
either falsified or the record doctored.
Nunivak (1306)
Delivered: 14-Feb-05
TEMPEST Inspect: 07-Sep-05 (5 unresolved problems)
Authority to Operate: 10-Feb-06
Date Entered Service: 24-Mar-06
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
The Nunivak DD250 does not contain any charges
for a TEMPEST POA&M, or for any classified training.
The DD250's for this ship does not contain any
mention of, schedules for, charges in regards to,
or any indication that TEMPEST or TEMPEST related
work, surveys, or planning was every undertaken, completed, or even discussed.
There is a very high probability that this ship
was never approved for legitimate classified
equipment, codes, ciphers, or to access the
classified systems of other agencies. The ship
would have essentially of no value in support of the Coast Guard mission.
There also appears to be a number of TEMPEST
waivers that the Coast Guard issued as a method
of making the problems go away on paper, but not
in real life, and that the ship may have in fact
been illegally gaining assess to classified
systems via insecure equipment if such were being made from the ship.
Vashon (1308)
Delivered: 09-Mar-05
TEMPEST Inspect: 17-Mar-05 (failed, 5 unresolved problems)
Authority to Operate: 10-Feb-06
Date Entered Service: 08-Aug-06
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
The DD250's for this ship does not contain any
mention of, schedules for, charges in regards to,
or any indication that TEMPEST or TEMPEST related
work, surveys, or planning was every undertaken, completed, or even discussed.
There is a very high probability that this ship
was never approved for legitimate classified
equipment, codes, ciphers, or to access the
classified systems of other agencies. The ship
would have essentially of no value in support of the Coast Guard mission.
There also appears to be a number of TEMPEST
waivers that the Coast Guard issued as a method
of making the problems go away on paper, but not
in real life, and that the ship may have in fact
been illegally gaining assess to classified
systems via insecure equipment if such were being made from the ship.
Monhegan (1305)
Delivered: 03-Oct-05
Authority to Operate: 10-Feb-06
TEMPEST Inspect: 03-Nov-06 (failed again, 19 major problems)
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
Date Entered Service: Not Operating, Never Actually Used
The DD250's for this ship does not contain any
mention of, schedules for, charges in regards to,
or any indication that TEMPEST or TEMPEST related
work, surveys, or planning was every undertaken, completed, or even discussed.
There is a very high probability that this ship
was never approved for legitimate classified
equipment, codes, ciphers, or to access the
classified systems of other agencies. The ship
would have essentially of no value in support of the Coast Guard mission.
There also appears to be a number of TEMPEST
waivers that the Coast Guard issued as a method
of making the problems go away on paper, but not
in real life, and that the ship may have in fact
been illegally gaining assess to classified
systems via insecure equipment if such were being made from the ship.
Manitou (1302)
Delivered: 13-Jan-06
TEMPEST Inspect: 23-Jan-06 (failed again, 14 unresolved problems)
Authority to Operate: 10-Feb-06
Date Entered Service: 05-Apr-06
123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)
DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)
The DD250's for this ship does not contain any
mention of, schedules for, charges in regards to,
or any indication that TEMPEST or TEMPEST related
work, surveys, or planning was every undertaken, completed, or even discussed.
There is a very high probability that this ship
was never approved for legitimate classified
equipment, codes, ciphers, or to access the
classified systems of other agencies. The ship
would have essentially of no value in support of the Coast Guard mission.
There also appears to be a number of TEMPEST
waivers that the Coast Guard issued as a method
of making the problems go away on paper, but not
in real life, and that the ship may have in fact
been illegally gaining assess to classified
systems via insecure equipment if such were being made from the ship.
123' Cutters Present a "High Risk"
In a letter to Congress (attached Rupprecht
letter dated 13-Apr-07), the Coast Guard admits
the 123' class of cutters represented a "high
risk" for physical connectivity in regards to
TEMPEST, COMSEC and related technical security
disciplines. Essentially, the first four cutters
failed inspections, and were deemed a TEMPEST and
COMSEC hazard. While the Coast Guard resolved
several of these issues that created the initial
test failures, other problems where simply ignored, or were issued waivers.
The issuing of these waivers circumvented the
TEMPEST inspection failures, and rather then
resolving the TEMPEST issues, the Coast Guard
merely pretended that they did not exist to
"certify" the cutters. This allowed the Coast
Guard the tell SPAWAR that the cutters now were
certified, and as such they could now handle
classified information, even though this was a "high risk" proposition.
By permitting the Coast Guard to certify their
own assets, a very dangerous situation has
developed that endangers national security. If
these problems are present in the 123' cutter,
Deepwater program they are likely present in
other Deepwater and related programs as well.
I would encourage the government to freeze all
work, on all ships or projects the Deepwater,
firms are involved in until competent inspectors
can get on-board and rigorously review the work
that has been performed to date to ensure that
ships will pass both rigorous a visual TEMPEST
and instrumented inspection without waivers,
falsified test results, or doctored documents.
Further, I would strongly recommend that the
ships that were previously built by this firm be
carefully reviewed in regards to both visually
and with instrumented TEMPEST inspections to see
if previous problems have been corrected, or if
indeed any of them have actually fully passed as opposed to being waivered.
This is a very, very grave situation, and a waste
of $64 million dollars that the Coast Guard could
have used for better things… please do not let it continue.
An Organized Pattern of Malfeasance
This pattern of malfeasance and oversight problem
can be explained is the following way.
1) There was never a plan to have these ships
pass a TEMPEST inspection in place when the ships
where being built, nor considered when the
initial contracts and blueprints were drafted.
2) When the ships were built the classified
communications systems were installed in a
haphazard manner, with little or no regard to
industry and/or U.S. government standards.
3) The configuration of the equipment,
positioning, shielding, bonding, and grounding
did not comply with that required to protect classified information systems.
4) These ships leak secrets, and based on the
documents, which I have examined and some of
which are attached to this document I, feel that
they continue to leak secrets to this day.
5) Just prior to acceptance several of these
ships were subjected to a visual and instrumented
TEMPEST inspection, and in all cases, the ships
failed both the visual and the instrumented inspections.
6) The contractor has not completed the remedial
actions required for the ships to pass either a
full visual or an instrumented TEMPEST inspection.
7) As such the ships are not allowed to have
classified ciphering materials, scramblers,
classified software, or classified operating
systems on board as adding these systems to the
ship would result in the unauthorized disclosure of classified information.
8) The ships have to fully clear both a SERIES of
visual inspections during build out, then a
simulator inspection (which is often not
performed), then an instrumented inspection, and
they apply for a interim authority to operate,
and with this IATO they can load the ciphers and
software that will allow them to pass classified
information into the C4ISR systems on-board the ships.
9) But, this assumes that the C4ISR systems
themselves have been deemed secure independent
from the TEMPEST testing. TEMPEST deals with the
hardware side of the problems, but the C4ISR
systems must also pass a series of standards that
deals with finding backdoors in the computers and
evaluating weak points in the software and
firmware. There is significant documentation that
the systems on board these ships also failed the
software security examinations as well as the TEMPEST inspections.
10) Once everything passes the actual authority
to operate (ATO) is granted, the C4ISR systems
becomes live with classified signals and data,
and the next phase of testing can be undertaken.
11) At this point you would normally perform
NONSTOP evaluations and search for any HIJACK
vulnerabilities (you have to have classified data
and all communications systems usable and data
seamlessly flowing to do this,) and would then begin the classified testing.
12) Once the government fully takes over the
ship, but before it is dispatched on a real-world
mission the ship would normally be subjected to a
TSCM or Technical Surveillance Measures
inspection to ensure that no eavesdropping
devices are present. During this TSCM inspection,
the TEMPEST inspection would be repeated to
include the visual and instrumented inspection
that would be far more rigorous then the original TEMPEST inspections.
13) It would be highly desirable for the TSCM
team, and the TEMPEST inspectors involved in
these final series of inspections to not have any
prior involvement in prior Deepwater ships, no
links to ICGS, and no links to Lockheed,
Mind Set
The mind-set of a TEMPEST inspector is that
nothing is there until you can prove otherwise.
Their job is to stop or limit compromising
emanations and the technical leaks of classified information.
A TSCM inspector on the other hand always assumes
that an eavesdropper is active or that a bugging
device is present until they can scientifically
prove otherwise. As you can see a TEMPEST,
inspection has a different assumption then that
of a TSCM inspection that is why both need to be
performed before a vessel is operated in earnest.
The Bottom Line
These ships have since been decommissioned due to
the hulls cracking and water leaks, due to a
poorly designed modification and shoddy
workmanship. There is good reason to believe
they will never be in service again. Once the
hulls cracked, all efforts to resolve the TEMPEST
problems appear to have been completely suspended.
The Coast Guard now has eight worthless ships,
for which they wasted $64 million dollars… how
much money have they wasted on other assets that
do not work, and will the new National Security
Cutter be as equally a monumental failure… will
it actually float, or will it too develop huge
cracks in the hull and massive leaks of classified information?
Recommendations
Salvage all usable electronics, tactical, and
mechanical equipment from all eight cutters.
Sell the stripped ships for scrap metal
Demand a partial refund of monies from ICGS, and
consider DLA debarment proceedings the responsible contractors for fraud.
Immediately suspend all projects associated with
ICGS and with Lockheed Martin in regards to the
Deepwater program until all Coast Guard assets
have been completely brought up to par, and
completely re-inspected from scratch.
Request that this Committee and the U.S.
Department of Justice investigate the faulty
workmanship that caused the hull cracks, and all
other shoddy workmanship present on this project,
and that criminal proceedings be undertaken should such be warranted.
Request the U.S. Department of Justice
immediately initiate a counterintelligence
investigation into the TEMPEST flaws on these
ships to determine if these flaws were the result
of the efforts of a foreign government, or merely
just shoddy design and workmanship.
Request the U.S. Government, and more
specifically the TEMPEST engineers and students
from the National Security Agency be allowed to
examine this ship as a "lesson learned" program
before the ships are dismantled or stripped. By
studying the problems (that still doubtlessly
exists) in these ships, the national TEMPEST and
TSCM can be enhanced as a whole by learning from
these mistakes. This would turn these eight ships
into a temporary training range for the TSCM and TEMPEST profession.
Conduct an investigation into the entire Coast
Guard TEMPEST program to determine the extent to
which the USCG was, or is issuing waivers in lieu
of legitimate TEMPEST inspections, installations, maintenance, and repairs.
It appears that none of the ships has ever
actually passed a TEMPEST inspection, and that a
huge number of major flaws were found on all
ships, and that after the first four of ships
grossly failing that the stopped all TEMPEST testing for the second four ships.
In order to perform a TEMPEST, NONSTOP, and
HIJACK testing you must have all operational gear
installed and active. If the piece of equipment
requires a key to operate (such as the ARC-210)
you use a testing key or a simulator during the
testing, and then once you have IATO authority to
operate you can load up the real keys and software, and retest.
Your Committee also needs to request the work
schedules of all USCG, and SPAWAR TEMPEST
employees and contractors to see how often they
went out to the shipyard before the instrumented
tests, and then investigate their activities
during the periods of interest. Essentially, you
want to see all of their movements and activities
during the entire deepwater program.
In my professional opinion none of the ships (all
8 of them) are capable of passing either a visual
or an instrumented TEMPEST examination, but
rather failed miserably, which required that the
government hold back money until the failure
points were corrected. There this minimal
documentation that any of these problems were
actually fully corrected after delivery (other
then a few minor problems, when the major problems were ignored).
The bottom line, is that based on the documents I
have reviewed these ships are all a major liability to our national defense.
It is possible that the USCG has corrected the
entire problem, and has had the ships subjected
to a new visual and instrumented inspection, but
there is no documentation to even hope that they have done this.
The Coast Guard has been very obstructive to this
inquiry, has not been reasonably responsive in
providing information, and instead provides mere
fragments. They seem to issuing glowing press
releases about the Deepwater program instead
releasing the documents detailing the TEMPEST and
other problems. In a nutshell, the Coast Guard
has been giving this committee nothing but lip service.
While the Navy did not actually certify the
TEMPEST inspections, but were merely contractors
that performed the instrumented tests, while the
Coast Guard performed the visual inspections.
Instead, the Coast Guard "self certified"
themselves, but lacked the technical competencies
and equipment to perform the instrumented TEMPEST
tests on their own. This is a tell-tale sign that
the USCG should not have been involved in their
own TEMPEST program at all. The Navy SPAWAR does
issue "pass/fail" recommendations
on USN installations, but they specifically do not do that for the Coast Guard.
After carefully studying the documents relative
to the Coast Guard Deepwater program I have
become reasonably convinced that there has likely
been criminal conduct and gross negligence on the
part of one or more Coast Guard, and Navy
employees or members, and that there has likely
also been criminal conduct and gross negligence
on the part of the contractor, and subcontractors in a secondary capacity.
In my professional opinion the bungling of the
Deepwater 123' program (as least on the TEMPEST,
COMSEC, Ciphering, and Technical Security side)
has resulted in the "losing defense information"
and the unauthorized disclosure of classified
information, codes, ciphers, and related systems
as defined by Title 18, Sec. 793, and Section 798 due to gross negligence.
It is my professional opinion that by the Coast
Guard operating these ships absent proper TEMPEST
inspections that they, the Navy, and the
contractor have disclosed highly classified information to our enemies.
The issuing of these TEMPEST waivers is the
smoking gun, and I feel that they are only the tip of the proverbial iceberg.
If the Navy had even the slightest idea that
waivers were being claimed and that the problems
were not being corrected (bur rather falsified or
the records doctored) they were duty bound to
notify the cognizant authorities that the ships
did not meet NSA TEMPEST standards, and hence to move to revoke any waivers.
I believe that the proper terminology is
"accessory before the fact", as SPAWAR knew of
upcoming illegal activities involving the
disclosure of classified information, and while
they may not have been the certifying authority
for the USCG, he had full knowledge that at least one or more ships failed.
If the USCG is not qualified to perform these
instrumented tests themselves, then they are not
qualified to issue the waivers either. It is a
bit of a double-edged sword of many excuses.
"TEMPEST waivers for any visual discrepancies"
can also called "doctoring a TEMPEST inspection,"
since they could not get the ship to actually
pass the inspection they covered the
discrepancies with waivers and falsified
documents. In some circles this is also called
"pencil whipping" the inspection.
The results of the instrumented TEMPEST
inspection are not classified, the actual report
is classified, or more specifically 10% of the
final report is classified. I would point out
that during the DD250 that the USCG discloses
that both the visual and instrumented inspections failed.
IATO and ATO can be granted if all of the TEMPEST
visual and instrumented violations where
falsified with "waivers". They could have also
issued waivers for screen doors on submarines,
but that does not mean that the submarines will be any safer or more secure.
The "Coast Guard 123 WPB class TEMPEST waivers"
comments means that the Coast Guard just decided
to abandon the TEMPEST standards and inspections
right after PADRE failed (again), but gave PADRE
Authority to Operate anyway (with falsified
TEMPEST waivers). So discovered that the only way
to get the ships to pass was to not inspect them in the first place.
SPAWAR's Involvement and Comments
According to the Navy, visual inspections are
normally conducted first so that discrepancies
can be corrected before the instrumented test,
which is comparatively both expensive and time
consuming. However, there is no technical reason
to preclude doing both at the same
time. Scheduling is a USCG decision. They do
not recall when the visual inspection was done
since SPAWAR did not perform the visual
inspection. The USCG may have performed the
visual inspection during the first day since
SPAWAR had the night shift. SPAWAR recalls
having information about visual discrepancies
during the test, but do not recall the
details. However, it was SPAWARs understanding
at the time that Lockheed Martin did not intend
to correct visual discrepancies, so there was no
reason to perform the visual inspection in advance of the instrumented test.
Lockheed Martin/ICGS has stated that they were
not responsible for TEMPEST; SPAWAR claimed that
they could only run the instrumented tests, but
could not certify anything. The Coast Guard
lacked the expertise, equipment, or resources to
perform their own inspections so it turned into a
case of everybody claimed that someone else was responsible for the problem.
SPAWAR tested two 123' hulls, the USCGC Matagorda
in February 2004 and the USCGC Padre in July
2006. SPAWAR did not track or record
installation changes between the hulls, nor was
that a requirement--SPAWAR just tested what was
equipment was there when they conducted the test.
The test results are again classified. SPAWAR
did not make a recommendation, either for or
against, TEMPEST certification in the report for the Padre.
The Coast Guard and ICGS is Playing Games
While MIL-HDBK-232A does involve many TEMPEST
topic matters it is not the "Core Document", nor
should it be considered "THE" TEMPEST standard by
any means. If MIL-HDBK-232A is the only document,
which they list as the only contractual
requirement, then there was never any formal
requirement for TEMPEST compliance in the
program, only a specification of distances between equipment and cables.
The Coast Guard had admitted that the only
standard or protocol that they required for
TEMPEST certification was only one publications, that being "MIL-HDBK-232A"
A list of relevant government standards, which
should have been listed within the contracts and
the designs, are amended to this document.
When the ships began failing all of their TEMPEST
inspections the issue of "other standard and
specifications" started being brought up. While
we initially see that the USCG and SPAWAR quoted
violations in regards to NSTISSAN 2-95 and IA PUB
5239-31, but in October 2005, the USCG inspector
began trying to apply Air Force standards to the
matter at hand to obtain a waiver.
This dragging in an Air Force standard is a case
of "document shopping" where the Coast Guard
and/or ICGS didn't like what the NSA standards
for TEMPEST said, so they shopped around for
another government standard that they could quote
that would let them get away with a waiver of a dangerous situation.
This is akin to a child not liking the answer one
parent give them, only to run to the other parent
to ask the same question in order to get an override.
The interesting issue here is that by seeking a
waiver under AFMAN 33-214V2, the Coast Guard
states that cheap Mylar/foil shielding may be
used in cases where the digital signals are less
the 5,000 bits per second (or 5Kbps). The CAT 5E
cables that are at issue are actually capable of
speeds up to, and in excess of 100 million bits
per second (or 100Mbps), or twenty thousand times
faster. If the cable were merely used for ISDN
communications for a STE connection then the data
speeds involved would be 192kbps, which is 38
times faster then the USAF specification. In
either regards, brining up an Air Force
specification, as an excuse as to why he Coast
Guard should issue a waiver on the matter is
ludicrous, but it also shows just how desperate
the Coast Guard was to cover up the problem.
In Summary
I have serious discomfort and grave concerns with
the prospect of any further asset deliveries,
given what I have seen by studying documents
regarding the Deepwater program… the men and
women of the Coast Guard have a tough job to do,
and they deserve better then ships that leak, and are unusable.
It has been on honor to be of service to my
country in this matter, and an honor to render assistance to this committee.
Thank you,
James M. Atkinson
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web: http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jmatk[at]tscm.com
----------------------------------------------------------------------------------------------------
We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------