IN THE WORLD OF SECURE COMMUNICATIONS, NOT ALL THREATS COME FROM HACKERS OR SPIES BREAKING INTO A SAFE. SOMETIMES, THE MACHINES THEMSELVES ARE THE PROBLEM. DURING WORLD WAR II, ENGINEERS AT BELL LABS MADE A STARTLING DISCOVERY: CRYPTOGRAPHIC EQUIPMENT WAS UNINTENTIONALLY “BROADCASTING” INFORMATION THROUGH TINY ELECTROMAGNETIC SIGNALS. WITH THE RIGHT TOOLS, THOSE SIGNALS COULD BE INTERCEPTED AND TURNED BACK INTO READABLE TEXT. THIS REVELATION GAVE BIRTH TO WHAT WE NOW CALL TEMPEST, THE STUDY AND CONTROL OF COMPROMISING EMANATIONS FROM ELECTRONIC DEVICES.
BY THE 1950S, THE CONCERN WAS NO LONGER THEORETICAL. INTELLIGENCE SERVICES ON BOTH SIDES OF THE COLD WAR BEGAN TO NOTICE ANTENNAS AND LISTENING DEVICES POSITIONED SUSPICIOUSLY CLOSE TO SECURE FACILITIES. IN MOSCOW, MORE THAN 40 MICROPHONES WERE FAMOUSLY FOUND INSIDE THE U.S. EMBASSY. BEYOND EAVESDROPPING ON CONVERSATIONS, THOSE HIDDEN DEVICES COULD ALSO PICK UP SOUNDS AND SIGNALS FROM CRYPTOGRAPHIC MACHINES, POTENTIALLY EXPOSING HIGHLY SENSITIVE OPERATIONS.
THE U.S. RESPONSE WAS TO DEVELOP COUNTERMEASURES. ENGINEERS EXPERIMENTED WITH SHIELDING EQUIPMENT, FILTERING OUT SIGNALS, AND EVEN “MASKING” EMISSIONS BY RUNNING MULTIPLE MACHINES AT ONCE TO CREATE ELECTRONIC NOISE. POLICIES REQUIRED SECURE ZONES AROUND CRYPTOGRAPHIC CENTERS TO KEEP POTENTIAL EAVESDROPPERS AT BAY. BUT WITH EACH FIX, NEW VULNERABILITIES WERE DISCOVERED—RANGING FROM ACOUSTIC CUES PICKED UP BY MICROPHONES TO SIGNALS CARRIED DOWN POWER LINES. PROTECTING COMMUNICATIONS BECAME A CONSTANT RACE BETWEEN ATTACKERS AND DEFENDERS.
TODAY, TEMPEST REMAINS A CRITICAL DISCIPLINE IN INFORMATION SECURITY. THE LESSONS LEARNED DECADES AGO STILL APPLY: TECHNOLOGY CAN BETRAY US IN UNEXPECTED WAYS. FROM COMPUTERS TO TELEPHONES, EVERY DEVICE HAS THE POTENTIAL TO EMIT SIGNALS THAT REVEAL MORE THAN INTENDED. THE ONGOING CHALLENGE IS TO STAY AHEAD OF THOSE RISKS, ENSURING THAT OUR MOST SENSITIVE INFORMATION REMAINS TRULY SECURE.
THE ROOTS OF TODAY’S ICD 705 STANDARDS CAN BE TRACED BACK TO THE EARLY YEARS OF THE COLD WAR. IN 1952, PRESIDENT DWIGHT D. EISENHOWER SIGNED EXECUTIVE ORDER 10421, WHICH FORMALLY INTRODUCED THE CONCEPT OF “PHYSICAL SECURITY” AS A NATIONAL DEFENSE REQUIREMENT. THIS ORDER DEFINED PHYSICAL SECURITY AS PROTECTION AGAINST SABOTAGE, ESPIONAGE, AND OTHER HOSTILE ACTS. FROM THAT POINT ON, U.S. POLICY BEGAN TO EVOLVE AROUND THE IDEA THAT INFORMATION AND FACILITIES REQUIRED STRUCTURED SAFEGUARDS.
FAST FORWARD TO 1995, THE OKLAHOMA CITY BOMBING BROUGHT A RENEWED FOCUS ON GOVERNMENT FACILITY PROTECTION. EXECUTIVE ORDER 12977 ESTABLISHED THE INTERAGENCY SECURITY COMMITTEE (ISC), WHOSE MISSION WAS TO DEVELOP UNIFORM POLICIES AND STANDARDS FOR FEDERAL FACILITY SECURITY. THIS SHIFT EMPHASIZED THAT SECURITY WAS NO LONGER JUST AN “AGENCY RESPONSIBILITY,” BUT A NATIONAL PRIORITY THAT REQUIRED COLLABORATION AND CONSISTENCY.
THE BIGGEST CHANGE CAME IN THE MID-2000S. THE CREATION OF THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI) IN 2004 CONSOLIDATED SECURITY STANDARDS UNDER ONE LEAD AUTHORITY. FORMER DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVES (DCIDS) WERE REVIEWED AND RE-DESIGNATED AS INTELLIGENCE COMMUNITY DIRECTIVES (ICDS). ICD 705 EMERGED AS THE CORNERSTONE DOCUMENT FOR THE PLANNING, DESIGN, AND ACCREDITATION OF SCIF AND SAPF FACILITIES. THIS DIRECTIVE, SUPPORTED BY THE ICS 705 SERIES AND THE TECHNICAL SPECIFICATIONS, ESTABLISHED UNIFORM STANDARDS THAT REMAIN THE FOUNDATION OF SECURE FACILITY CONSTRUCTION TODAY.
TODAY, ICD 705 REPRESENTS THE HISTORY OF LESSONS LEARNED FROM ESPIONAGE, TERRORISM, AND NATIONAL SECURITY INCIDENTS. UNDERSTANDING ITS ORIGIN PROVIDES CONTEXT FOR WHY REQUIREMENTS EXIST AND REINFORCES THAT SECURITY IS ABOUT MORE THAN COMPLIANCE. IT IS ABOUT PROTECTING NATIONAL DEFENSE CAPABILITIES AND THE PEOPLE WHO SUPPORT THEM.