Skip to main content

This section of the ISM provides guidance on emanation security.

Applicability

This section is only applicable to:

  • organisations located outside of Australia
  • facilities in Australia that have transmitters
  • facilities that are shared with non-Australian government entities
  • mobile platforms and deployable assets that process information.

Emanation security threat assessments in Australia

Obtaining current threat advice from the Australian Cyber Security Centre (ACSC) on potential adversaries, and applying the appropriate counter-measures, is vital to protecting systems from emanation security threats.

Security Control: 0247; Revision: 3; Updated: Sep-18; Applicability: S, TS
System owners deploying systems with Radio Frequency (RF) transmitters inside or co-located with their facility contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment.

Security Control: 0248; Revision: 5; Updated: Sep-18; Applicability: O, P, S
System owners deploying systems with RF transmitters that will be co-located with systems of a higher classification contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment.

Security Control: 1137; Revision: 2; Updated: Sep-18; Applicability: TS
System owners deploying systems in shared facilities with non-Australian government entities contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment.

Emanation security threat assessments outside Australia

Fixed sites outside Australia, and deployed military platforms, are more vulnerable to emanation security threats. Failing to implement recommended counter-measures and standard operating procedures to reduce threats could result in the platform emanating compromising signals, which if intercepted and analysed, could lead to platform compromise with serious consequences.

Security Control: 0932; Revision: 5; Updated: Sep-18; Applicability: O, P
System owners deploying systems overseas contact the ACSC for emanation security threat advice and implement any additional installation criteria derived from the emanation security threat advice.

Security Control: 0249; Revision: 3; Updated: Sep-18; Applicability: S, TS
System owners deploying systems overseas contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment.

Early identification of emanation security issues

It is important to identify the need for emanation security controls for a system early in the project life cycle as this can reduce costs for the project. Costs are much greater if changes have to be made once the system has been designed and deployed.

Security Control: 0246; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS
An emanation security threat assessment is sought as early as possible in a project’s life cycle as emanation security controls can have significant cost implications.

Industry and government standards

While ICT equipment in a TOP SECRET area in Australia may not need certification to TEMPEST standards, the ICT equipment still needs to meet applicable industry and government standards.

Security Control: 0250; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS
ICT equipment in TOP SECRET areas meets industry and government standards relating to electromagnetic interference/electromagnetic compatibility.

Further information

Further information on cables and separation standards, as well as the potential dangers of operating RF transmitters near systems is documented in Australian Communications Security Instruction (ACSI) 61 D.

Further information on conducting an emanation security threat assessment is documented in ACSI 71 D.