DOD Tempest Protection

Better Evaluations Needed To Determine Required Countermeasures Gao ID: NSIAD-86-132 June 27, 1986

Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) and military services' adherence to national TEMPEST policy. TEMPEST refers to technical investigations and studies of compromising emanations from electronic data processing equipment. National security policy requires federal agencies to protect classified information from such emanations.

GAO found that: (1) TEMPEST countermeasures are very costly to implement; (2) while total DOD TEMPEST-related costs are unknown, they are estimated at hundreds of millions of dollars annually; (3) DOD has not issued an implementing regulation in connection with the national TEMPEST policy directive; (4) DOD has issued conflicting TEMPEST policy memoranda and, as a result, the services are interpreting and implementing TEMPEST policy in different ways; (5) the services sometimes acquire TEMPEST countermeasures without determining whether they are needed; (6) the services and defense contractors are sometimes processing classified information without performing TEMPEST evaluations; (7) the services do not always conduct follow-up evaluations at contractor facilities to ensure that TEMPEST countermeasures are being implemented as needed; and (8) the Defense Investigative Service, which performs many TEMPEST evaluations for other DOD components, believes that its personnel are not adequately trained to perform TEMPEST evaluations or compliance inspections.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.