What is TEMPEST? The NATO Emanation Security Standard Explained
TEMPEST is the NATO/NSA standard covering electromagnetic emanations from electronic equipment that can be intercepted and exploited. Understanding TEMPEST is essential for any organisation operating classified or sensitive systems in a facility with a capable threat actor nearby.
TEMPEST is a NATO/NSA classification covering unintentional electromagnetic emanations from electronic equipment — signals that a capable adversary can intercept outside the facility and use to reconstruct the data being processed. TEMPEST-considered facilities are built or retrofitted to attenuate these emanations below detectable thresholds. Any facility handling classified or commercially sensitive information in proximity to a capable threat actor requires a TEMPEST assessment.
Most security programmes focus on what leaves the network or the room. TEMPEST addresses a different problem: what leaks from the equipment itself. Electronic devices — computers, screens, keyboards, printers, telecommunications infrastructure — emit electromagnetic signals as a byproduct of operation. Those signals carry information. A capable adversary, positioned within range, can intercept them and reconstruct the data on screen, the keystrokes being entered, or the audio being processed.
The History of TEMPEST
TEMPEST is a classified US government code word — now used generically in the security community — for the study and control of compromising emanations. The original NSA/CSS research dates to the 1950s, when signals intelligence analysts demonstrated that the electromagnetic emissions of cipher machines could be intercepted and decoded. NATO adopted parallel standards, creating the concept of a TEMPEST-controlled facility.
Today, TEMPEST remains a live operational concern. Modern computing equipment — particularly high-resolution displays, CPUs under load, and RF-connected peripherals — emits detectable signals at distances relevant to adversaries in adjacent buildings, vehicles, or co-located spaces. State-level threat actors with TEMPEST interception capability target diplomatic facilities, governmental computing environments, legal proceedings, and executive command centres.
What TEMPEST Assessment Covers
A TEMPEST assessment identifies the sources of compromising emanation in a facility, models the propagation distance and directionality of those emissions, assesses the proximity and plausibility of an adversary interception position, and recommends controls matched to the actual risk — from procedural measures through to shielded room construction.
Mission Support TSCM engagements include a TEMPEST/compromising-emanation assessment as a standard component wherever computing equipment, screens, or telecommunications infrastructure are present in the swept area.
TEMPEST Certification Levels
NATO and national TEMPEST standards define certification zones and attenuation levels. Zone 0 (highest protection) requires the facility to prevent any detectable emanation at the boundary. Zone 2 provides protection against state-level interception from outside the building. Zone 3 addresses close-proximity threats. The applicable zone is determined by the classification level of the information processed and the assessed threat level.
Who Needs TEMPEST Mitigation
- Embassy and diplomatic mission secure communication rooms
- Governmental and ministerial facilities processing classified information
- Defence ministry secure operations centres
- Legal-privileged proceedings in high-profile matters
- Corporate executive environments where M&A or strategic information is processed against a state-level corporate espionage threat
- Intelligence-adjacent facilities where the adversary has documented TEMPEST capability
TEMPEST Controls
Controls range from procedural (maintaining distance between screens and external walls, using wired rather than wireless peripherals, disabling Bluetooth and Wi-Fi on classified processing equipment) through to physical shielding (Faraday cage construction, TEMPEST-rated screened rooms, and point-source shielding for high-emission equipment). Mission Support specifies the appropriate level of control matched to the assessed threat, not the highest possible standard regardless of need.
Frequently Asked
Request a Secure Comms Assessment
Operational engagements start with a vetted conversation. Mission Support responds inside one working day for governmental and Tier-1 enquiries.
Continue to service briefWhat is TSCM? The complete guide to Technical Surveillance Counter-Measures
TSCM is the only way to know whether a space is clean. What it involves, who needs it, and what a professional sweep actually delivers.
Read next