Chesapeake Protects Classified and Proprietary Phone Conversations

Posted on Apr 10, 2017 in Jeff Nolte's Blog

Many in the security field focus on hardening data networks against hackers and viruses, but voice conversations often require the highest level of protection too. For government agencies and contractors, the need is obvious: having the ability to discuss classified information in full confidence that it will not be overheard or intercepted. Chesapeake offers several solutions to protect classified and proprietary phone conversations.

Sensitive Compartmented Information Facility

This is where a SCIF comes in: a Sensitive Compartmented Information Facility. Typically, this is a purpose-built room in a building, or a portable enclosure, where sensitive phone conversations can take place in complete privacy. SCIFs are accredited for use by the Federal government with standards defined by the defense and intelligence communities.

To achieve this level of security, SCIF defines building requirements that greatly exceed those achieved by typical commercial construction. Walls, ceilings and floors, for example, must be constructed so that they will reveal evidence of unauthorized entry or tampering. Special materials must be used on these surfaces to prevent leakage of electromagnetic or radio frequencies that might be monitored and collected by lurkers for unintended uses. The surfaces can be even be “hardened” with noise generators that radiate a blend of frequencies to produce a sound like running water.

All telephone, electrical power, security systems, data and emergency systems must be dedicated to and contained within the SCIF. Any utility that enters the SCIF must terminate there and not traverse through the space. Where the conduit for any of these systems penetrates the SCIF perimeter, they must be hardened to minimize the chance of compromise.

Duct work, for example, must be equipped with steel bars, welded at the intersections, with inspection ports inside the SCIF. The openings, duct work and duct breaks must be specially fabricated to prevent signal leakage.

The SCIF door and frame assembly also must prevent signal leakage, as well as meet local building and safety codes. The doors must employ two access control technologies: one for daily use and one for secure lock up when the SCIF is unattended.

Secure, TSG-6 Certified Phones

The phones within the SCIF must meet the JITC Unified Capabilities certification for Assured Services SIP End Instruments. A range of such on-hook, secure phones are available that are…

  • Certified by the Committee on National Security Systems (CNSS) as TSG-6 approved to help defense, intelligence and civilian agencies protect sensitive information.
  • Tested for compliance and approved by the National Telecommunications Security Working Group.
  • Field tested on a variety of communications platforms.
  • Powered over Ethernet (PoE) or equipped with local, standalone power options.

Teo Technologies, for example, offers models that are TSG-6 approved for DoD use. Special positive-disconnect circuitry and ultra-low-emissions technology ensure that no audio signals from the microphone are produced on any wires leaving the phone when it is on-hook. A push-to-talk button on the handset allows for the elimination of background sounds during sensitive conversations. The microphone is active only when the button is pressed. And when Power over Ethernet is not available, the phone can be plugged into a local supply that provides filtered operating power via the phone’s barrel connector.

There are two TSG-6 approved equipment implementations for VoIP phones in the SCIF environment, each with its own classification. For example, with a multi-button TSG-6 compliant VoIP phone with switched Ethernet port and 802.3af Power over Ethernet…

  • Class A certification allows the Ethernet switch to reside outside of the SCIF
  • Class B certification mandates that the Ethernet switch reside inside the SCIF

All VoIP phone must be resubmitted for CNSS approval if the manufacturer substitutes any component that alters a phone’s electrical or acoustic characteristics. Phones are randomly selected for testing one calendar year after CNSS approval to ensure continued compliance with CNSS guidelines.

Cabling and Network Infrastructure

In the case of structured cabling and network infrastructure, projects must follow security specifications required to receive site survey certification and approval. Each aspect of the network requires special attention, including:

  • Shield Twisted Pair / Fiber / Hybrid Infrastructure
  • Wire-ways / Conduit / Transport
  • Cabinets / Main Distribution Frame / Communications Closet
  • Station Drops / Cabling
  • Labeling / Inspection / Administration

Putting it all Together

The growing number of attacks on enterprise data networks, their increasing sophistication and persistence, and the emergence of a new breed of cyber criminals intent on inflicting as much damage as possible all point to the need for tighter security measures. When it comes to protecting sensitive voice communications, federal agencies and contractors have come to rely on a proven solution – SCIF. Partnering with an experienced technology provider can streamline the accreditation process, prevent implementation delay, and facilitate the safe discussion of classified information.