21 April 2007
James Atkinson testimony Amendment 1:
http://cryptome.org/cg-unmet.htm
James Atkinson testimony Amendment 2:
http://cryptome.org/cg-ugly.htm
Michael DeKort on Coast Guard TEMPEST Leakage:
http://cryptome.org/cg-leakage2.htm
Date: Fri, 20 Apr 2007 16:57:11 -0400To: John Young <jya[at]cryptome.net>From: "James M. Atkinson" <jmatk[at]tscm.com>Subject: Copy of Partial Written TestimonyGranite Island Group127 Eastern Avenue, #291Gloucester, MA 01931James M. Atkinson
http://www.tscm.com/ jmatk[at]tscm.com (978) 546-3803Testimony ofJames M. AtkinsonPresident and Sr. EngineerGranite Island GroupBefore theHouse Committee on Transportation and InfrastructureU.S. Coast Guard Budget and Oversight HearingApril 18, 2007My name is James M. Atkinson, and I am the President and Senior Engineer of Granite Island Group located in Gloucester, MA, which is a small veteran owned company that since 1987 has specialized in the field of electronics engineering. We have special capability involving the protection of classified, confidential, privileged, or private information against technical attack, eavesdropping, or exploitation.I am responsible for performing visual and instrumented TSCM (Technical Surveillance Counter Measure) surveys. This includes the analysis of all signals present on the airways; evaluation of telephone lines, computer networks, detection of computer viruses and Trojan horses, security of voice and data switching systems, and any mechanism by which a spy could commit technical eavesdropping or surveillance against or exploitation of a target through technical means. Also included in these responsibilities are the studies of electromagnetic interference (EMI), and the study of electromagnetic compliance (EMC), to include the performance of visual and instrumented TEMPEST inspections, and measures to mitigate other technical weaknesses in communications and computer systems.I have attended extensive private and government sponsored TSCM, TEMPEST, cryptographic, technical intelligence, electronics, and security training both in the United States and abroad. I have been involved in many hundreds of TSCM, TEMPEST inspections, over the past 25 years of government and private sector assignments. I have been extensively published on these subject matters, and have authored materials that have affected national policy.My clients include major corporations, heads-of-state, diplomats, government agencies, defense contractors, hospitals, courthouses, police stations, banks, universities, publicly traded companies, private companies, stockbrokers, ranchers, farmers, fisherman, accountants, law firms, restaurants, political leaders, ministers, small businesses, and private individuals.I believe that I am in the unique position to act as an independent and disinterested party, "honest broker", (and Voice of Reason in these proceedings). I was not involved in the ICGS Deepwater program in any regard or capacity and have no ax-to-grind. I am also able clearly explain highly technical and highly classified subject matters such as TEMPEST and TSCM to this committee in an unclassified way that a non-technical layman can understand. The documents in this matter are highly technical, and it takes a TEMPEST and TSCM expert to fully understand what is in those documents, what they represent, what they mean, and more importantly to bring forth the gravity of the situation.I have also carefully analyzed hundreds of pages of documents and reports which where provided to the government by ICGS (the Deepwater contractor) when the first eight 123 foot cutters were delivered to the Coast Guard. These documents were not classified in any way, and were available to any member of the public by merely asking the Coast Guard for them. Within these documents, I discovered that ICGS delivered seriously defective ships to the government, which did not comply with TEMPEST standards, which the government could not use for classified missions, and which could not be used to store, process, or transmit classified information.All of the information contained within this written testimony, and all information, which is presented in my oral testimony, is completely unclassified.TEMPEST IntroductionWhen a new consumer electronic device such as a computer, DVD player, blender, electric razor or other modern electronic marvel is offered for sale to the public the manufacture has to gain a special certification or authorization from the FCC. This process ensures that when the consumer uses the device that they will not interfere with other devices in the area. For example, we do not want a DVD player or blender to accidentally jam all the TV, and cellular telephones in a five-block area due to a poor product design.The FCC (Federal Communications Commission) and its foreign equivalent have created a series of formal standards which new equipment is evaluated against before it is offered for sale to the public.These new products are taken into a specialized laboratory, and an engineer completes a complicated battery of tests. These test results are then sent to the FCC who then approves or denies permission for the product to be sold to the public.When modern electrical devices operate, they generate electromagnetic fields. Digital computers, radio equipment, typewriters, and so on generate massive amounts of electromagnetic signals, which if properly intercepted and processed will allow certain amounts of information to be reconstructed based on these "compromising emanations". Anything with a microchip, diode, or transistor, gives off these fields.Compromising emanations are these unintentional intelligence-bearing signals, which, if intercepted and analyzed, potentially disclose the national security information, transmitted, received, handled, or otherwise processed by any information-processing equipment.These compromising emanation signals can also escape out of a controlled area through power line conduction. Other conduction paths can be air conditioning ductwork, plumbing, wiring, or by simply radiating a signal into the air (much like a radio station). These signals can also mix with or be impressed onto other unclassified signals, where the eavesdropper merely intercepts these unclassified signals, and extracts the classified information riding on top of the unclassified signal.An excellent example of these compromising emanations may be found in several modems and fax machines. When these modems operate, they generate a very strong electromagnetic field, which may be intercepted, demodulated, and monitored with nothing more then a radio that any member of the public can purchase at Radio Shack, Best Buy, Wal-Mart, or other retailer of consumer electronics (which, in some cases, may, or may not be legal). This is also a very serious problem with many speakerphone systems used in executive conference rooms and government offices. A considerable problem also exists with many fax machines, computer monitors, external disc drives, CD-R drives, scanners, printers, and other high bandwidth or high speed peripherals and network devices. If an eavesdropper is using high quality, intercept equipment the signal may be easily acquired several hundred feet or more away from the target, although the eavesdropper would normally be located quite close to the system under surveillance.In the consumer markets, a slight amount of signal leakage really does not present a problem and at most would result in a breach of private information or disclosure of some corporate secrets. However, if a computer or other communications equipment that was processing classified information has a leak, the results could be devastating. Soldiers can be killed, wars can be lost, and nations can fall.During the early days of telephones, there was a significant problem where a person talking on one telephone line could clearly hear a person talking on another telephone line. This was most often the results of shoddy workmanship on the part of the phone installer, but also a result of using poor quality wiring in the early phone systems, and having inferior, albeit newly developed equipment. This problem is called "cross-talk", where one conversation leaks into a nearby phone line and can be heard by a third party to the original conversion between the original two parties. While this problem can been drastically limited in modern phone systems it has by no means been eradicated completely, and continues to be a problem most often caused by poor quality workmanship.World War One brought about a method where soldiers on one side of a battlefield were able to eavesdrop on their enemies telephone calls. This allowed them exploit this information to determine troop movements, and to gain a significant tactical advantage on the battlefield.During World War II, both sides of the conflict exploited signals, which leaked out of each other aircraft, surface vessels, and submarines. The Germans were able to detect, and shoot down U.S. bombers when their radio and navigation systems were merely turned on, but not actually transmitting. Submarines where similarly hunted by listening for this accidental leakage, and to this day the study and exploitation of this type of accidental signal leakage has become a staple of the intelligence and military community.In the 1950's NATO eavesdroppers in Germany discovered that classified information could be derived by monitoring unclassified teletype circuits. The cause of this was found to be that the classified and unclassified wiring was running too close to each other and causing classified information to bleed onto the unclassified wiring. What this investigation by intelligence analysts discovered was that by monitoring local high power radio stations that fragments of classified information could be extracted from the unclassified broadcast stations from a considerable distance from the location where the classified information was being processed. Continued investigation led to a sub-specialty in the field of electronics engineering that permitted one side to monitor the classified efforts of the other side by merely exploiting unclassified communications that were passing through the classified area. In other words unclassified signals opened the door to the acquiring of classified information.To deal with this "signal leakage" issue the U.S. government developed a series of formal, and extremely rigid engineering standards which lay out how equipment should be designed, installed, and maintained to avoid such leakage. These TEMPEST standards are really nothing more then several standard civilian engineering measurement standards and procedures enhanced by the NSA to make then more rigid and comprehensive then their civilian counterpart.TEMPEST is an acronym for "Telecommunications Electronics Material Protected from Emanating Spurious Transmissions" and includes technical security countermeasures; standards, and instrumentation, which prevent (or minimize) the exploitation of security vulnerabilities by technical means. Other popular names for TEMPEST are "Transient Emanations Protected from Emanating Spurious Transmissions", "Transient Electromagnetic Pulse Emanation Standard", "Telecommunications Emission Security Standards", and several similar variations.In 1957, the U.S. Government mandated rigid TEMPEST required for highly classified systems that were responsible for handling the most classified secrets of the Cold War and helped to contain our secrets for the next 20 years until details of those systems were sold to the Russians by multiple spies in trusted positions in the U.S. government.TEMPEST is nothing more then a fancy name for protecting against technical surveillance or eavesdropping of UNMODIFIED equipment, (the unmodified part is important.) TEMPEST and its associated disciplines involve designing circuits to minimize the amount of "compromising emanations" and to apply appropriate shielding, grounding, and bonding. These disciplines also include methods of radiation screening, alarms, isolation circuits/devices, filters, isolation distances, and similar areas of equipment engineering.A certified TEMPEST technical authority (CTTA) is an experienced, technically qualified U.S. Government employee (not a contractor) who has met established certification requirements in accordance with NSA approved criteria and has been appointed to fulfill CTTA responsibilities.There is an isolation area just outside of a classified system where it is less practical to exploit TEMPEST vulnerabilities. However, other systems present inside or near this isolation, area can considerably extend this distance to well outside the isolation area. This is often referred to the "zone of control", or "zone of exclusion".The Equipment Radiation TEMPEST Zone (ERTZ) is a radius established because of determined or known equipment radiation TEMPEST characteristics. The zone includes all space within which a successful hostile intercept of compromising emanations is considered possible. This zone can range from a few yards, to several miles depending on the nature of the classified information on the equipment on which it is being processed.As a spy moves away from a location where classified information is being processed the exploitation of accidental leakages becomes increasingly difficult. There is a specific classified voltage level called the "Compromising Emanation Performance Requirement (CEPR). This is the maximum emanation level permitted at the standard measurement distance during an instrumented TEMPEST evaluation. When the CEPR is met, there will be minimal chance that a compromising emanation will be detected beyond the specified design radius unless the equipment has not been properly maintained, or if a secondary signal provides a carrier for the classified signal.The point where the compromising emanation performance requirement (CEPR) applies. For an electric or magnetic field emanation, the standard measurement point is one meter from the equipment under test. For a conducted emanation, the standard measurement point is the design radius. This is called the "Standard Measurement Point," and it represents a distance similar to that found in civilian EMI and EMC studies.The goal of the CEPR and ERTZ is to ensure that the signals emitting from an item of classified equipment is below -164 dBm at a distance of 1 meter, and ideally below -174 dBm (although signals below -150 dBm are tricky to measure during a one week TEMPEST inspection). The TEMPEST standards are thus based on reducing signals below these levels, often involving keeping a cable more then a meter away from another cable, or keeping high threat device 3 meters away from others.The delicate point is that the CEPR and ERTZ can also foster a great sense of false security and a TEMPEST Zone can completely pass a visual and instrumented TEMPEST evaluation and yet still be highly exploited by spies for classified signals and information.A "TEMPEST zone" is a formally designated area within a facility where equipment with appropriate TEMPEST characteristics may be operated. Once the classified equipment is installed into this area is meticulously checked by a CTTA with a formal instrumented and visual TEMPEST inspection. This zone is commonly called a "Black Vault", or "Black Room" where classified equipment is located even though the zone will contain RED signals, RED equipment, and RED lines ("RED" means the equipment in the "Black Vault" is classified. This is a common point of confusion, and as such, a "black room" should be considered the same as a TEMPEST zone. The isolation zone is the area immediately surrounding the "TEMPEST Zone" of Black Vault.Focus of Study, and ObjectivesTEMPEST disciplines typically involve eliminating or reducing the waveform of signal transients caused by a communication signal and the resulting harmonics or mixing of the classified information with unclassified signals. These signals and their harmonics could allow the original classified signal or information to be reconstructed and analyzed by a spy.TSCM or Technical Surveillance Countermeasures on the other hand deals with protecting against hostile penetrations or manipulations by an eavesdropper to facilitate the interception and exploitation of classified, confidential, privileged, or private information. It is important to note that TSCM deals with things that have been manipulated in some way, and TEMPEST deals with unmodified things.The mind-set, hypothesis, or base-line of a TEMPEST inspector is that nothing is there until you can prove otherwise. Their job is to stop or limit compromising emanations and the technical leaks of classified information that are the results of poor equipment design, installation, or maintenance. A TSCM inspector on the other hand always assumes that an eavesdropper is active or that a bugging device or hostile manipulation is present until they can scientifically prove otherwise. TEMPEST assumes a proactive position on protecting classified information, whereas TSCM involve the reactive protection of the same information. Both disciplines are equally important and should be engaged in a proactive manner.C4ISR is the fusions of "Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance" into a single operative system to permit a more cohesive flow of critical information in a battlefield or tactical arena. The critical components of this are the core "Command and Control" elements. In a modern battlefield, the commanders need as much information available to them, on as rapid as possible timeline. With this in mind C4ISR draws together most of the resources on a battleship, command post, or forward control station directly into the hands of the people who need it most.C4ISR system included the missions of gathering, processing, and transmitting information, the Command, Control, Communications, Computer, Intelligence, Surveillance, and Reconnaissance (C4ISR) facility contains as a minimum ten distinguishable elements. These are the structure or housing; electrical power generation and distribution [both alternating current (ac) and direct current (dc)]; non-electrical utilities; heating, ventilation, and air-conditioning (HVAC); an earth electrode; lightning protection; communications systems; computer and data processing systems; control and security systems; and personnel support systems.TEMPEST in a TEAPOT and HIJACK ExploitsBetween the TEMPEST and TSCM fields of study there is also an area of our field that deals with unmodified or quasi-modified equipment and signals, which interact with each other. This is the case where in effect a classified signal or classified information is accidentally impressed onto an unclassified signal. Thus, the unclassified signal carrying the classified data with it is accidentally transmitted a considerable distance allowing for eavesdropping by those who should not possess the information. This is usually the result of TEMPEST standards not being rigorously followed during equipment design, installation, and maintenance.The investigation, study, and control of intentional compromising emanations from telecommunications and automated information systems equipment that was created, provoked, or induced by a spy is known by the code name of "TEAPOT". An example of this would be the positioning of a rack of two way radios need a secure telephone, or by installing RED cable near to a BLACK cable. This can also involve modifications to software, to slight breaches to the configuration of equipment.An example of this would be a case where a cable, which contains only unclassified radar, navigation, or communications signals, is placed near a cable, which carries highly classified information. On a maritime vessel an example of an unclassified signal would be the VHF marine radios, the unencrypted HF (shortwave) radio communication systems, and sections of the radar and IFF systems. Should any of these cables or equipment be placed near the classified systems an eavesdropper could intercept the classified information that was riding-on-the-back-of the unclassified signals.Another example of this would be a warship that downloads classified spy satellite imagery through the onboard satellite communication system. The problem is that the installer of the classified system has not properly installed the system that creates considerable TEMPEST problems causing these signals to leak off the ship a short distance. This is further complicated by several cables which do not carry classified information but which pass in close proximity to the classified cables. Due to the unclassified cable, perhaps being a high power antenna link the classified information can now leak out of the ship and be monitored by spies from dozens, if not hundreds of miles distant.Instrumented TEMPEST InspectionsIf the instrumented inspection turns up a problem that was major or serious then they absolutely would have had to have performed the entire instrumented inspection again; however, if they were only very minor problem turned up in the instrumented inspection the inspector could have merely pointed out several minor faults and left it up to a third party to resolve the issue.If the equipment configuration was materially changed to correct visual TEMPEST discrepancies, or equipment or cables were moved in the area that was inspected then the instrumented TEMPEST inspection would have had to be repeated again and again until all discrepancies had been fully cleared.Given the magnitude of the problems found during the visual TEMPEST inspections there would have been material changes in the secure areas, cables would have to have been re-routed, and physical and electrical changes would have been made. In turn, yet another, expensive follow-up instrumented test would be needed.This is why is it so critical for all visual discrepancies to be fully resolved before the instrumented TEMPEST inspection is initiated as the correction of visual deviancies may render the prior instrumented inspection of little or no value.It is a painful issue because with this number of visual faults it is unlikely that the ship could have passed the instrumented TEMPEST inspection. The magnitude and number of the problems with the TEMPEST on this ship are such that the instrumented inspection SHOULD have been re-performed from scratch. The Coast Guard had to relocate quite a bit of equipment, and re-run quite a bit of cables and systems to resolve the massive faults listed in the DD250 (attachment C), these changes would have create a number of significant and material changes from what an instrumented TEMPEST inspection before and after the changes would have seen.If the initial instrumented TEMPEST inspection identified only the instrument panel and LAN intersection weaknesses then there is an even bigger problem because it should have also picked up on the faulty ground straps on the racks, the emissions from the ARC-210 wiring, the signal leakage from the unshielded cables, and so on. If you find significant problems on a visual inspection, you should also pickup on similar problems in the instrumented measurements as well.It is best compared to your checkbook where one column is your credits, and one column is your debits. If you have a loose grounding cable, it should show up in the visual inspections, and then once you begin the instrumented inspection you should see the same effects of the ground cable not being hooked up properly. On the other hand, if the visual inspector was finding problems at the same time the instrumented inspector was performing the instrumented inspections the two events could have been interfering with each other and resulting in inconsistent results.In the records of the first four ships there is mention of an instrumented TEMPEST inspection being performed, and in all four cases both the instrumented and visual inspections failed.In the two OIG reports, I was unable to find any reference to the PADRE being subjected to a second instrumented TEMPEST inspection as the Coast Guard has contended in other documents. If the PADRE was in fact re-inspected, who did the inspection, and did they have any links to ICGS, LM, GD, USCG, SPAWAR, DHS (the bigger question is that did the agency or contractor who performed the second instrumented inspection on the PADRE have any bias, or benefit to the PADRE passing)?The Coast Guard appears have issued waivers too many of the TEMPEST requirements, gained IATO, keyed the C4ISR systems, and then granted ATO. This causes a problem though, because if they were granting large numbers of waivers for TEMPEST the waivers would be a matter of record on the second PADRE inspection. A USCG TEMPEST inspector is going to honor the waivers, but any other independent TEMPEST inspector is going to instead write up the systems as not being in compliance with a range of NSA TEMPEST standards and documents.The NSA requires that the equipment meet TEMPEST standards of performance before it is allowed to pass classified information. If the system passes an instrumented or visual inspection, and the ship or equipment is modified in a material way then the instrumented test should be performed from scratch. In order to correct, the things found in the visual inspection there would have been material changes made to the ship.The method that the OIG report tries to describe during the TEMPEST inspection is called a "propagation study" or "walk away study" and is performed when an instrumented inspector is unskilled and cannot obtain a solid reading with his instruments. He will tune a receiver to a signal of interest and slowly back away from an area he is examining until the reading drops below a preset level. This is performed in all directions around the area being protected, but is often the best test a technician can perform if they are limited in equipment, experience, or time on target.It is in extremely bad form to do this, but often it is the only way to evaluate how "dangerous" a TEMPEST problem is. The concern that we run in to with merely performing a "propagation study" is that is fosters bad engineering practices, and can conceal much more serious issues that could be exploited by a spy.An unclassified example of a similar situation would be a USB cable between a computer and printer that is leaking a signal that the TEMPEST inspector measures to be quite strong 20 feet away from the cable. The NSA specifications will mandate that this signal is not a problem so long at the voltage level drop below a certain level (we will arbitrarily say -130 dBm to set an unclassified level), beyond a certain distance (we will arbitrarily say 70 feet to set an unclassified level). So if the signal measures say -35 dBm at 20 feet away, but only -130 dBm at 70 feet away we say that the signal has been attenuated by 95 dB over a distance of 50 feet.If the inspector detects the signal radiating from the USB cable, instead of performing actual measurements to document the technical parameters of the fault, the inspector will "back away" with his test instruments to see if his equipment can still pick up the signal when he is X feet way from the cable or equipment be tested.It is actually better to get as close as physically possible to something that you are trying to certify, and to be mere inches away at the most. This depends on the signal or piece of equipment that you are trying to measure, but as a rule you place the test instrument antennas as close as physically possible, and run a test cable back a few yards so that the TEMPEST or TSCM inspector does not pickup the signals from the equipment he is using to make the measurements (or even his own wrist watch).Without disclosing any classified information I can relate to you that classified (or RED) equipment should not present a voltage level greater then -174 dBm at a distance beyond 3 meters. Further, there should never be any signal that exceeds -50 dBm within 3 meters of any classified system, but the general rule is to keep this -50 dBm number actually closer to -135 or even -160 dBm (which is only possible with modern test equipment, including modern TEMPEST instruments).It must be further pointed out that skilled engineer (or spy) equipped with the proper equipment, and given the appropriate amount of time can actually find and exploit signals that are far weaker than this.Within TSCM, TEMPEST, TEAPOT, HIJACK, NONSTOP, JERICHO, and related disciplines of electronics engineering we endeavor to correlate signals into our test equipment. More specifically, we will synchronize our test equipment to the timing signals created inside the equipment we are testing. We will then use this correlated signal to "gate" our test equipment into initiating a measurement when a certain signal threshold is detected, observed, or expected or we will gate the equipment to a specific time or other event.An example of this "gating effect" or correlation would take place in a radio, which uses Frequency Hopping or Direct Sequence modulation techniques or waveforms. If we know the technical parameters of these waveforms in advance, we can program our TEMPEST test equipment to only perform the measurement of the equipment under test when the Frequency Hopping signal is following a certain hopping sequence or pattern.Another example of this gating effect would be the timing signals used on a RADAR system or on an IFF system where the signals appear at fixed or highly predictable time periods. By only taking the measurement with the TSCM or TEMPEST instruments during these "moments of opportunity" the effectiveness can be increased by several thousand times.Related to this, if the spy can also determine the timing or other parameter of an operations system (such as RADAR, IFF, SATCOM, INMARSAT, VHF, UHF, etc) the spy can also exploit this gating effect to enhance his effectiveness by several thousand fold as well.If a hot, BLACK (unclassified) signal is exposed to a weaker RED (classified) signal the two signals will mix and the BLACK (unclassified) signal will now carry parts of the RED (classified) signal. In the case of the Bluewater cutter 500-watt IFF transponder, very high power RADAR systems, and the strong two-way radio systems on the ship, even the slightest leakage in the RED (classified) equipment will cause mixing with the black equipment signals and thus a hemorrhage of classified information.A typical piece of (unclassified) equipment that would be used for this measurement would be the DSI-1550-A (
http://www.dynamicsciences.com/client/show_product/33) and the DSI-9000A, DS-200, DSI-110, R-1580, R-1250, R-1180, and related equipment made by the same company. Other companies such as Electro-Metrics offer products such as the EM-2100 series, and with Watkins-Johnson, we have the venerable WJ-8999 Portable EMC/TEMPEST Test Receivers or WJ-9195 systems, and with other companies, we have a host of similar products of an unclassified nature.This equipment is highly specialized test instruments that are designed to measure extremely weak signals levels and which can measure a low level signals that is barely measurable by other means. This is one of the many pieces of equipment the instrumented TEMPEST folks would have used, and they would have used a wide range of related equipment resulting in several thousand pounds of equipment being brought to bear against the ship for these measurements.The DSI110 for example is capable of making measurements down to -164 dBm, and by using signal simulators and converters; the range can be greatly increased to well within, and below the Johnson noise floor of -174 dBm. The test equipment can also be triggered via a direct connection from the equipment under test to "gate" the measurement, which further enhances the sensitivity. This would be combined with high performance cables, ultra-sensitive low noise amplifiers, oscilloscopes, computers, cables, dozens of antennas or probes, and many hundreds, it not thousands of pounds of support equipment.Examples of Captured "Compromising Information" of Leakage[For images see:
http://transportation.house.gov/Media/File/Full%20Committee/20070418PM/James%20Atkinson%20Testimony.pdf ]Example Test Lay OutThe vast majority of this equipment can be openly purchased on the market, and surprisingly the U.S. Government often sells this same equipment off on a regular basis as scrap or surplus.There is no reason for the Coast Guard not to have had this equipment on hand to perform their own instrumented TEMPEST inspections, and further no reason for ICGS and/or Lockheed-Martin to have had this equipment on hand to perform at least some measure of instrumented inspections prior to the SPAWAR instrumented inspections.Red and Black IsolationA BLACK line, BLACK signal, or BLACK system is one in which no classified information is present, and onto which no classified information can leak or can be manipulated to cause the leakage of classified information. If a signal of message is intercepted off of a black system or line, it will not divulge any classified national security information if recovered and analyzed by a spy.RED lines, RED signals, RED components, RED modules, and RED systems are those, which handle highly classified national security information. Should any weakness or flaws of any type in a RED system take place the results could be devastating to the national defense as classified information could be leaked to spies.RED/BLACK isolation is part of the concept that electrical and electronic circuits, components, equipment, and systems. Thus, RED signals which national security information or unencrypted language, and unclassified information in electric signal form (RED) be separated from those, which handle encrypted or non-national security information (BLACK). Under this concept, RED or BLACK terminology is used to clarify specific criteria relating to, and to differentiate between such circuits, components, equipments, systems, etc., and the areas in which they are contained.Perpetual VigilanceTEMPEST and TSCM both require extreme attention to detail, and aggressive, perpetual vigilance. The slightest flaw in classified equipment design, installation, or maintenance can be, and frequently have been exploited by foreign intelligence agency. Spies aggressively seek out the technical weaknesses in our ciphering systems, our classified information systems, our computers, and our intelligence systems.When one of our government agencies is asleep at the wheel, only bad things can happen. When inspection reports are falsified bad things can happen. When government agencies start passing responsibility to other parts of the government and not owning up to their own inter-agency responsibilities only bad things can happen. When the leadership of a government agency ignores their responsibilities to glad-hand the agencies contractors only bad things will result. When there is malfeasance in the leadership of a military or civilian agency and the government contractors take advantage of that malfeasance to gouge the government and provide them with flawed goods and serves then only bad things can happen.The men and women of the Coast Guard have a difficult and critical job to perform on behalf of the public. They save lives, they defend our maritime ports, and they perform drug interdictions, ensure safe maritime transport, and are responsible for the security of our port and waterways. The Coast Guard needs solid and stable ships so that they can engage in a wide range of mission to defend this country and ensure the safety of the public. When the safety and lives of service members of the Coast Guard is at risk, so is the safety and lives of every member of the public.Several of the missions of the Coast Guard requires that it has immediate access to classified information via a classified network called SIPRNET, but access to this classified network and the information must be tempered with great control and oversight. To maintain this control and oversight a series of standards have been developed which first address the actual hardware through which this network communicates, and then a second set of standards that dictates a standard of performance for the software, which operates on the hardware. TEMPEST standards that apply to the hardware part of the equation rigorously dictate the performance characteristic of all equipment used to engage in classified communications, which includes all Coast Guard assets with access to classified systems.The Coast Guard must be perpetual vigilant not only in regards to search and rescue missions, but also must be equally aggressive with protecting classified information, classified networks, and classified communications systems.Much the same way that a minor error during a Coast Guard search and rescue mission can lead to the death of someone they have been sent out to rescue, a seemingly insignificant installation error, or lack of aggressive oversight of TEMPEST on a Coast Guard asset can be far more devastating and can cause suffering and death on a national level. It can also be something as simple as a cable not being properly routed, or a lock washer not being of the correct type, and mounting bolts not being torque down properly, or threads on a bolt not being cleaned.Our foreign adversaries want to steal our secrets, and they have considerable resources to facilitate such thefts. Foreign countries are actively spying on us, and aggressively trying to steal our secrets. The only defense against this constant threat is perpetual vigilance, and aggressive, and pro-active protection of classified systems. This nation will not survive, nor will it endure unless we can protect these systems.DD250 and Acceptance DocumentsA DD250 form is a standardized "Material Inspection and Receiving Report" that a contractor fills out prior to developing an asset to the government. On this document, the contractor lists the prices that the government will pay for the asset, and will list incidental charges that they may have incurred such as charges for special testing, special supplies on so on.Once an authorized representative (or a group of representatives) has inspected the asset, the document is signed on behalf of the government, the asset is formally accepted, and the contractor can be paid for the asset, which they are selling the government, or for the work, which they performed on the governments' behalf.It is customary for the DD250, or a document attached to the DD250 to include a list of all of the flaws that may have been discovered during the government inspections, or systems that may not have been fully functional or installed on the date that the asset was delivered to the government. This allows the government to withhold a reasonable amount of the money that is due the contractor until after the problem is resolved or the missing equipment installed.Attached to the DD250 will usually be some type of formal document or "Certificate of Conformance" prepared by the contractor in which they promise that they complied with all of the contract requirements, adhered to the specifications, and providing the asset in the condition in which the government ordered it.It is inevitable that a complex asset such as a ship, submarine, or aircraft will have some minor issue on the date of acceptance both the government and the contractor will work together and endeavor to correct these deviancies so that the contractor gets fully paid the withheld funds, and the government has a fully operational asset. Examples of deviancies would be radios which do not work, light bulbs that are burned out, propeller shafts that wobble, cables not being properly secured, and other issues that are caused by either shoddy workmanship, defective materials, or a combination of a lack of oversight or weak project management.The DD250 will also have as an attachment the results of specialized testing required by the government, or specialized certifications, which are required as, part of the acceptance process. An example of this is that an asset, which passes or accesses classified communications networks must pass a series of classified, tests to include NONSTOP evaluations, HIJACK studies, TEMPEST evaluations, and TSCM inspections.The most basic, and most critical of these tests which would take place prior to the DD250 being completed, and the asset being accepted by the U.S. Government, would be the operational testing and inspection of all communication equipment, and the completion of both a physical, visual, and instrumented TEMPEST inspection. Once the asset has been accepted and all of the deficiencies corrected the asset would be fully transferred into government control and additional signal testing. This would include, but not be limited to additional TEMPEST testing, HIJACK studies, NONSTOP countermeasures, and TSCM inspections, which are difficult, or impossible to perform unless the ship or other asset construction was completely finished and all the prior problems or discrepancies fully resolved.At this point the government would authorize the asset (in this case a ship) to have an IATO or "Interim Authority to Operate" which means that a limited amount of classified information or equipment could be brought onto the asset to facility further testing, and to initiate shakedown or seaworthiness testing. An example of this would be ciphers and codes that would be needed to permit the radios to pass classified communications, and to permit classified testing to take place.Classified testing, or the testing of classified systems would then be undertaken under the IATO, and once completed and all problems noted during the classified testing were resolved the contractor would receive their funds that had previously been withheld, and the government agencies to whom the asset belongs would issue the Final Authority to Operate or ATO.The time between the DD250 being signed and the asset being accepted by the government, and the final ATO being issued is a major liability for the government. The longer the duration of this time the greater the problems are with the asset. If, for example, the government accepts a ship, but the ATO is not granted until two years later, the ship has essentially been sitting unused while the deviancies where corrected. The length of this delay is also a key indicator of the competence of the contractor, and the oversight and effectiveness of the government contracting office.My professional opinion for the ideal situation is for the contractor not be paid the final 30% of any contract until the asset in delivered in full (with zero discrepancies or shortages), the asset is then formally accepted by the government, testing by the government is fully completed, and all deviancies resolved by the contractor to the governments satisfaction in a reasonable amount of time.Contactors struggle to deliver assets as quickly as they can, but in so doing, details are other missed, or standards and contracts are not complied with. In a rush to complete a multi-million, or even multi-billion dollar project the contractor may well cut corners or falsify test results to get the government to accept the asset before work is actually complete and in turn to receive the bulk of the money they are due for the project. The contractor then lists the incomplete work on the DD250, and the government inspectors then document those additional things, which the contractor failed to mention. This permits the contractor additional time to complete the work after the acceptance, which should have actually been completed PRIOR to acceptance that sadly, this is a type of soft procurement fraud on the part of the contractor.Ships That May Leak Secrets ThingsTo be very specific, prior to the Coast Guard taking delivery of the USCG Cutter Matagorda the USCG TEMPEST Program Manager and the Navy SPAWAR TEMPEST Authority initiated a visual and instrumented TEMPEST inspection of the Matagorda. The cost of this inspection is listed in the DD250 for this ship on page 2, as line item 55-5 in the amount of $121,000.On examination of the DD250, in attachment C to the ICGS Certificate of Conformance, exceptions listed for incomplete or defective services or equipment were noted in detail.Examples of the significant number of exceptions or failures found on the USCG Cutter Matagorda were engine control cables not working properly, massive failures of the TEMPEST requirements, security cameras not being properly mounted, communications systems being inoperative, power supplies and wiring being defective and highly hazardous PVC jacketed wiring being used aboard the ship.In lieu of resolving some of these problems, the exceptions (failures) were simply overlooked, and waivers were granted, not only on the Matagorda, but on the other ships as well. Instead of removing the hazardous PVC cables, a waiver was issued to keep them on board, and thus to recklessly endanger the crew.Instead of correcting, the TEMPEST failures and performing a second instrumented inspection the Coast Guard neglected to perform the second instrumented inspection that was mentioned in attachment C, and instead just made token changes and issued waivers for the rest of the problems.This pattern of behavior is also seen in the other ships where follow-up instrumented inspections were not completed after the first inspections failed, or the initial instrumented inspections were never performed at all.In that case, of one ship (PADRE) a follow-up instrument TEMPEST inspection was only initiated after a Department of Homeland Security - Inspector General Investigation was initiated to investigate fraud within the contracting and delivery of these ships. It is unclear as to who performed the second instrumented TEMPEST inspection on the PADRE, but it does not appear that it was a government entity.TEMPEST Problems within the 123' Deepwater Cutter/Patrol Boat ProgramMatagorda (1303)TEMPEST Inspect: 24-Feb-04 (failed) [Initial Instrumented SPAWAR Sweep]Delivered: 01-Mar-04Authority to Operate: 14-Oct-04TEMPEST Inspect: 19-Dec-04 (failed again, 29 unresolved problems)Date Entered Service: 07-Sep-05TEMPEST Inspect: 03-Aug-05 (failed again, 14 significant unresolved problems)DHS-OIG Report: 11-Aug-06 (Uncovers failures on many systems)123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)Attachment C of the 1st DD250 (Matagorda) specifies a SPAWAR TEMPEST Instrumented Survey must be re-performed (this would have been the SECOND instrumented survey) after the first instrumented inspection failed.Further, there was absolutely no plan in place for the TEMPEST element of this project prior to the acceptance of this ship on 01-Mar-04, and no plan of action until after the government TEMPEST inspections failed miserably during the inspection in February of 2004.However, in the cases of the three ships delivered after the acceptance of this first ship the contractor began charging the government $5,000 to provide a "TEMPEST POA&M", which means that the government and the contractor had no plan in place for the first ship, but that such a plan was put in place after the fact for the second, third, and fourth ships.The notable issue with the first ship (Matagorda) is that it was the only ship on which an actual instrumented TEMPEST inspection was performed prior to acceptance. The cost in line item 55-5 of the Matagorda DD-250 shows a charge of $121,000 and reflects that a SPAWAR TEMPEST inspection team was onsite for 7 days to survey the vessel.Typically (but not always) this is a 6 man team with a man hour requirement of 300 to 350 man hours on site for a vessel of this size and complexity, plus prepatory time, report writing, and expenses. The industry standard for a government or contractor TEMPEST team is $2500 per man-day, plus all expenses, and per diem. However, the TEMPEST inspection can also be performed by only 2-3 people if they are highly skilled and properly equipped, but most U.S. Government TSCM, TEMPEST teams and CTTA's tend to be ill equipped, and ill staffed.A TEMPEST team can also involve several dozen people, with only 2-3 members actually doing the work. It is even more disturbing because the "actual talent" of a TEMPEST team is often just one person (the CTTA) who is taking the measurements, then 1-2 extra people to adjust antennas, switch cables, and twirling knobs, and then a group who sort of stands behind the scenes in support functions of the small number of people who are actually doing the inspection.It is quite possible for a small team of only two skilled engineers using the proper equipment to perform an instrumented TEMPEST inspection of a vessel of this size and complexity in as little as 7 days, although most of the work will be performed by computer controlled test equipment that merely needs a human to baby sit the equipment and periodically move a cable or to adjust an antenna.If in fact, SPAWAR provided a smaller two man instrumented inspection team (or even a single engineer) the expense of $121,000 is extremely excessive and should have been about a quarter of this amount, or less.There needs to be a detailed break down of the charges for the initial $121,000 that was spent on the 7-day TEMPEST inspection. For example, how much was spent of travel, how much on freight, how much for actual on-site measurements, how much was spent off site, how much time was a spent writing report, and so on. All of this information is totally unclassified, but it will help to prove/disprove that the instrumented tests were falsified or not. For example, if the SPAWAR CTTA came out from San Diego there would be a charge for his and his teams airplane ticket, and there would be freight charges for shipping his (several tons) of equipment out to the shipyard.The delicate issue here is that the Coast Guard did the visual TEMPEST inspection, but the instrumented TEMPEST team was from SPAWAR (Navy), and it was the Coast Guard TEMPEST program manager who found the various serious visual TEMPEST compliance problems and who performed the VTI (Visual Tempest Inspection). We see that the USCG inspector was performing a 3-day visual inspection during the same time that the instrumented inspection by SPAWAR was being performed, which is highly irregular.If the Coast Guard TEMPEST program manager were not capable of performing the instrumented TEMPEST inspection without the assistance of SPAWAR, then he would have been unqualified to perform the visual inspection as well, and certainly not qualified to issue waivers in regards to TEMPEST matters.Normally a visual inspection will be performed well in advance of the instrumented inspection is started, not performed at the same time. In fact, the USCG TEMPEST program manager should have made a number of inspections of the ship several times during the build-out months before the acceptance date, and would have visited the ship during the final instrumented TEMPEST inspection (pre-acceptance). Further, the USCG TEMPEST program manager would have been on hand from the time the very first designs for the ship came off the drawing board, and would have inspected the ship dozens of times while it was being built out.On review of the initial blueprints for this ship, and ships that followed it the Coast Guard program manager would also have discovered several glaring design flaws in that way that racks and panel had been located, and would have discovered that the certain systems were not being properly isolated from other systems.Should the USCG TEMPEST Manager have actually inspected the wiring, shielding, bonding, grounding, and other systems during the build out many of the TEMPEST problems would have been identified and corrected well before the SPAWAR TEMPEST instrumented testing. The program manager's periodic visits and implementation of the immediate corrective measures may have slowed the production cycle down a bit, but there would not have been such a huge number of flaws detected during the instrumented inspection, and what appears to be a fairly ugly failure of both the visual and the instrumented inspection.As a result of the TEMPEST program manager, not performing these periodic inspections the contractor was paid for incomplete and defective work, and the ship failed its first instrumented TEMPEST inspection. As there was no plan of action and milestones laid out in advance for this project, there could not have been an implementation of a plan that did not exist.This serious bungling of the scheduling of the TEMPEST inspections appears to be a trend that was following into the other ships as well, and not a situation isolated to just this first ship.Towards the end of the Matagorda's DD250 documents, it states "TEMPEST re-inspections will not be required if Matagorda's C4ISR configuration is the same as the 123 class vessel tested in Step 2". Sadly, the TEMPEST inspector appears to be saying that if all of the flaws found are resolved that they do no need to come back in for another (expensive) instrumented re-inspection. Nevertheless, this is a serious problem because if you fail a visual or instrumented TEMPEST inspection due to equipment not being installed correctly, you have to correct the error, and then completely repeat the entire TEMPEST inspection. Now if the equipment does not change, then there is no reason to repeat the TEMPEST inspection as the results will be the same as the original inspection. The document also contradicts itself in also stating that the instrumented TEMPEST survey needed to be repeated by SPAWAR.This is an example of the "double speak" that was observed throughout the Coast Guard documents on this matter. For example, the TEMPEST inspector is saying that you must repair several problems, but that the TEMPEST inspection does not need to be repeated so long as the equipment is unchanged. If the equipment is in fact modified (by so much as a single wire) then the whole inspection has to be performed again. So, the TEMPEST inspection team is telling the Coast Guard to go away and stop bothering them, but they are couching their wording in such a way so as not to tip off USCG leadership as to the severity of the problem, or in other words, they are using "double speak" to conceal a very dangerous and very significant problem.The DD250 for this ship further conflicts with itself where a second instrumented TEMPEST inspection was ordered to be performed by SPAWAR, but there is no record that this second inspection ever took place, and records created since the government accepted this ship indicate that to second instrumented inspect has yet taken place.It is my professional that the MATAGORDA was not capable of passing both a visual and instrumented inspection, and that the failures of the tests meant that it could not get IATO. So they fixed a few things, and it failed the TEMPEST inspections yet a second time, so they issued waivers, and ram-rodded the IATO (illegally), loaded up classified information (illegally), performed classified testifying (illegally), the then got full ATO (illegally), and continued to operate (illegally) until pulled out of service due to hull cracks.The MATAGORDA had TEMPEST waivers for any visual discrepancies that were not corrected. There was not a re-test. MATAGORDA Visual TEMPEST Inspection (VTI) was conducted 19-21 February 2004 and produced a list of discrepancies. The Instrumented TEMPEST Survey (ITS) for USCG Cutter MATAGORDA was conducted 18 to 24 February 2004 and the result of the survey is classified SECRET.MATAGORDA was first given Interim Authority to Operate (IATO) on 14 October 2004 and Authority to Operate (ATO) on 19 January 2005. (Note: IATO followed the COMOPTEVFOR Operational Analysis Assessment (OAA) by approximately 3 weeks.) IATO or ATO cannot be granted if there are any compromising emanations. Specific results cannot be discussed as they are documented in the classified instrumented survey report.In October 2004, when IATO was granted, MATAGORDA had outstanding discrepancies from her VTI. Visual inspection discrepancies may be waived if, in fact, there are no compromising emanations noted by the ITS. The Secure Electrical Information Processing System was again inspected by Mr. Ronald T. Porter of the Coast Guard Telecommunications and Information Command on 19 December 2004.The Coast Guard 123 WPB class TEMPEST waivers were established by TISCOM on 12 July 2005. (TISCOM Memorandum 2241). An example of a waiver was for an unclassified radio located within 3 meters of classified servers. This was identified as a discrepancy during visual inspection. The waiver is appropriate since a WPB is a small ship and does not have a large communications room or combat information center (as you would find on a Navy ship or larger Coast Guard cutter) - the size of the communications room on a WPB-123 is only approximately 3 meters by 2.5 meters. This physical size makes it impractical to provide the 3-meter separation. The TEMPEST instrumented survey results were sufficient so the visual inspection discrepancy should be (and was) waived.The only reason that the ships "passed" and got ATO is that all of the serious problems got waivered, but not actually corrected.It is all about smoke, mirrors, and misdirection.Metompkin (1325)Delivered: 13-May-04TEMPEST Inspect: 04-Aug-04 (one unresolved problem)Date Entered Service: 03-Mar-05 (began service before being issued ATO)Authority to Operate: 06-Apr-05123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)Attachment D of the 2nd DD250 (Metompkin) mentions that a SPAWAR instrumented inspection was performed, but there is no mention that SPAWAR specifically had to perform the future instrumented inspections, nor is it mentioned that additional instrumented inspections would be required.It also appears that there is a falsified documents listed as Attachment D on this DD250, where there appears to be a claim that instrumented TEMPEST inspections took place when there is evidence in other documents that these inspections did not take place. Records appear to have been either falsified the doctored.The acceptance date was just over two months after the Matagorda and there does not appear to be a charge on the DD250 for an instrumented inspection, but there is a charge of $5,000 to prepare a TEMPEST "Plan of Action and Mile Stones" of POA&M, plus a charge of $3,000 for the "classified testing" which would actually have been the preparation of a POA&M for the TEMPEST and classified testing, not the actual testing itself.Further, into the TEMPEST issues resolution and classified testing segment of the Metompkin there are comments that would lead someone reading the report to suspect that an instrumented inspection was performed, but since there is no charge for such an inspection on the DD250 the instrumented inspection may have been falsified after the massive failure of the first ship. Since the Visual and Instrumented TEMPEST inspection both failed, the "classified testing" could not take place as ciphering or keying materials (KEYMAT) could not be loaded into a suspect system that was or could be leaking classified information.The "TEMPEST visual inspection" of the Metompkin was performed independent of an instrumented inspection (as it should be), but the charges for an instrumented inspection does not appear on the DD250 for this ship, and as such it is likely that no such instrumented survey ever actually took place.On Metompkin there is an $8000 holdback to resolve the major three TEMPEST problems. However, if the cost of making these repairs exceeds the held back money (which it does) it is common for the contractor to merely absorb the $8,000 as a loss instead of throwing good money after bad. This means that the USCG would have to pay the many thousands of dollars to resolve the problems, and merely not pay the contract to held back $8,000 as liquidated damages.Unless a documents can be found the specifically states that all of the visual and cabling items were resolved, that it passed a second visual AND instrumented inspection you should assume that the ships leak secrets, and you should assume that the original TEMPEST inspections were either falsified or the records doctored.The Metompkin does not appear to have had an instrumented TEMPEST inspection performed, but does appear to have had a visual inspection performed. This would have been in-line with SPAWAR CTTA possibly rebuking the USCG TEMPEST Program Manager over wasting their time for not having completed a visual TEMPEST inspection completed prior to scheduling an instrumented inspection.Most, but not all TEMPEST and TSCM specialists tends to be extraordinarily attentive to even the slightest technical details, and are absolutely obsessed with following rigid rules and guidelines for these kinds of inspections, and keeping a tight hold to the technical specifications and guidance under which they operate. The technicians and engineers in these professions recognize the gravity of that they are trying to protect, and the grave consequences of equipment that leaks secrets.On the Metompkin, the DD250 bill in incomplete. The question that needs to be resolved is the possibility that the charge for the instrumented was not individually noted -- but the holdback of $8000 was noted (pending correction of the deficiencies noted in the instrumented inspection).In the Navy OAA II document dated 27-Apr-2005, on page 2 of the chart (item 1.4), second square down on the right-hand side, there is a description of on-going problems with the LTP (local tactical picture) and COP (common operational picture, to the extent that the system was not yet approved for classified communications and could not be used for actual operations.The Navy OAA II report further details in line item 1.11 (page 4) that the cutter was unable to pass TEMPEST testing and that as a result it was unable to obtain access to classified or sensitive information.I have very carefully studied the documents received to date, and in my opinion, the faults found on the visual inspection are truly appalling. The contractor must know that they cannot offer this kind of shoddy workmanship on a U.S. Government asset. For example, the placing of the IFF cable into the same area as the classified data lines could have resulted in a massive breach of classified materials as the signals from this IFF cable would have mixed with the classified signals and carried them quite some distance from the ship. Had this not been caught by the visual TEMPEST Inspection it could have results in an enormous leak of highly classified information that would have affected not only this ship, but also all ships, and all aircraft in the U.S. Inventory.The contractor who performed all of this work, and the Coast Guard people responsible for the pre-acceptance inspections (pre instrumented TEMPEST inspections) are grossly at fault here, and their careless disregard for the protection of classified information presents a serious liability to our national security.Padre (1328)Delivered: 24-Jun-04TEMPEST Inspect: 28-Jan-05 (failed, 11 unresolved problems or "waives")Authority to Operate: 22-Jun-05Date Entered Service: 22-Mar-05 (began service before being issued ATO)123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)The "TEMPEST visual inspection" of the Padre was performed independent of an instrumented inspection (as it should be), but the charges for an instrumented inspection does not appear on the DD250 for this ship.There also appear to be only a single visual inspection of the PADRE that took place just prior to the acceptance, and not a series of inspections at specific milestones along the build out.Attachment D of the 3rd DD250 (Padre) mentions that a SPAWAR instrumented inspection was performed, but there is no mention that SPAWAR specifically had to perform the future instrumented inspections, nor is it mentioned that additional instrumented inspections would be required.It also appears that there is a falsified documents listed as Attachment D on this DD250, where there appears to be claims that the instrumented TEMPEST inspections took place when there is every evidence found in other documents, that these inspections did not take place but were instead either falsified or the record doctored.This ship also entered service before is had been granted an official Authority to Operate, which indicates that the ship may have had classified materials on board and was passing classified traffic and connecting to classified networks, but that it was not legal for it to have such access.Further this ship was later the subject of an Inspector Generals investigation, and was submitted for its first instrumented TEMPEST inspection, but there seems to be some confusions to the issue of a fully instrumented inspection taking place by an independent inspector, or if the instrumented inspection was hindered by waivers that permitted an otherwise defective ship to pass the inspection, but still to be leaking classified information.Attu (1317)Delivered: 02-Aug-04Authority to Operate: 14-Oct-04Date Entered Service: 12-May-05TEMPEST Inspect: 03-Aug-05 (failed, 15 unresolved problems)123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)The "TEMPEST visual inspection" of the Attu was performed independent of an instrumented inspection (as it should be), but the charges for the instrumented inspection does not appear on the DD250 for this ship.Attachment C of the 4th DD250 (Attu) mentions that a SPAWAR instrumented inspection was performed, but there is no mention that SPAWAR specifically had to perform the future instrumented inspections, nor is it mentioned that additional instrumented inspections would be required.It also appears that there is a falsified documents listed as Attachment D on this DD250, where their appears to be claims that an instrumented TEMPEST inspection took place when there is evidence in other documents that these inspections did not take place but were instead either falsified or the record doctored.Nunivak (1306)Delivered: 14-Feb-05TEMPEST Inspect: 07-Sep-05 (5 unresolved problems)Authority to Operate: 10-Feb-06Date Entered Service: 24-Mar-06123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)The Nunivak DD250 does not contain any charges for a TEMPEST POA&M, or for any classified training.The DD250's for this ship does not contain any mention of, schedules for, charges in regards to, or any indication that TEMPEST or TEMPEST related work, surveys, or planning was every undertaken, completed, or even discussed.There is a very high probability that this ship was never approved for legitimate classified equipment, codes, ciphers, or to access the classified systems of other agencies. The ship would have essentially of no value in support of the Coast Guard mission.There also appears to be a number of TEMPEST waivers that the Coast Guard issued as a method of making the problems go away on paper, but not in real life, and that the ship may have in fact been illegally gaining assess to classified systems via insecure equipment if such were being made from the ship.Vashon (1308)Delivered: 09-Mar-05TEMPEST Inspect: 17-Mar-05 (failed, 5 unresolved problems)Authority to Operate: 10-Feb-06Date Entered Service: 08-Aug-06123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)The DD250's for this ship does not contain any mention of, schedules for, charges in regards to, or any indication that TEMPEST or TEMPEST related work, surveys, or planning was every undertaken, completed, or even discussed.There is a very high probability that this ship was never approved for legitimate classified equipment, codes, ciphers, or to access the classified systems of other agencies. The ship would have essentially of no value in support of the Coast Guard mission.There also appears to be a number of TEMPEST waivers that the Coast Guard issued as a method of making the problems go away on paper, but not in real life, and that the ship may have in fact been illegally gaining assess to classified systems via insecure equipment if such were being made from the ship.Monhegan (1305)Delivered: 03-Oct-05Authority to Operate: 10-Feb-06TEMPEST Inspect: 03-Nov-06 (failed again, 19 major problems)123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)Date Entered Service: Not Operating, Never Actually UsedThe DD250's for this ship does not contain any mention of, schedules for, charges in regards to, or any indication that TEMPEST or TEMPEST related work, surveys, or planning was every undertaken, completed, or even discussed.There is a very high probability that this ship was never approved for legitimate classified equipment, codes, ciphers, or to access the classified systems of other agencies. The ship would have essentially of no value in support of the Coast Guard mission.There also appears to be a number of TEMPEST waivers that the Coast Guard issued as a method of making the problems go away on paper, but not in real life, and that the ship may have in fact been illegally gaining assess to classified systems via insecure equipment if such were being made from the ship.Manitou (1302)Delivered: 13-Jan-06TEMPEST Inspect: 23-Jan-06 (failed again, 14 unresolved problems)Authority to Operate: 10-Feb-06Date Entered Service: 05-Apr-06123" Shutdown: 30-Nov-06 (Coast Guard finds cracks in all 8 ships… they leak)DHS-OIG Report: 09-Feb-07 (Uncovers Massive Project Failure)The DD250's for this ship does not contain any mention of, schedules for, charges in regards to, or any indication that TEMPEST or TEMPEST related work, surveys, or planning was every undertaken, completed, or even discussed.There is a very high probability that this ship was never approved for legitimate classified equipment, codes, ciphers, or to access the classified systems of other agencies. The ship would have essentially of no value in support of the Coast Guard mission.There also appears to be a number of TEMPEST waivers that the Coast Guard issued as a method of making the problems go away on paper, but not in real life, and that the ship may have in fact been illegally gaining assess to classified systems via insecure equipment if such were being made from the ship.123' Cutters Present a "High Risk"In a letter to Congress (attached Rupprecht letter dated 13-Apr-07), the Coast Guard admits the 123' class of cutters represented a "high risk" for physical connectivity in regards to TEMPEST, COMSEC and related technical security disciplines. Essentially, the first four cutters failed inspections, and were deemed a TEMPEST and COMSEC hazard. While the Coast Guard resolved several of these issues that created the initial test failures, other problems where simply ignored, or were issued waivers.The issuing of these waivers circumvented the TEMPEST inspection failures, and rather then resolving the TEMPEST issues, the Coast Guard merely pretended that they did not exist to "certify" the cutters. This allowed the Coast Guard the tell SPAWAR that the cutters now were certified, and as such they could now handle classified information, even though this was a "high risk" proposition.By permitting the Coast Guard to certify their own assets, a very dangerous situation has developed that endangers national security. If these problems are present in the 123' cutter, Deepwater program they are likely present in other Deepwater and related programs as well.I would encourage the government to freeze all work, on all ships or projects the Deepwater, firms are involved in until competent inspectors can get on-board and rigorously review the work that has been performed to date to ensure that ships will pass both rigorous a visual TEMPEST and instrumented inspection without waivers, falsified test results, or doctored documents.Further, I would strongly recommend that the ships that were previously built by this firm be carefully reviewed in regards to both visually and with instrumented TEMPEST inspections to see if previous problems have been corrected, or if indeed any of them have actually fully passed as opposed to being waivered.This is a very, very grave situation, and a waste of $64 million dollars that the Coast Guard could have used for better things… please do not let it continue.An Organized Pattern of MalfeasanceThis pattern of malfeasance and oversight problem can be explained is the following way.1) There was never a plan to have these ships pass a TEMPEST inspection in place when the ships where being built, nor considered when the initial contracts and blueprints were drafted.2) When the ships were built the classified communications systems were installed in a haphazard manner, with little or no regard to industry and/or U.S. government standards.3) The configuration of the equipment, positioning, shielding, bonding, and grounding did not comply with that required to protect classified information systems.4) These ships leak secrets, and based on the documents, which I have examined and some of which are attached to this document I, feel that they continue to leak secrets to this day.5) Just prior to acceptance several of these ships were subjected to a visual and instrumented TEMPEST inspection, and in all cases, the ships failed both the visual and the instrumented inspections.6) The contractor has not completed the remedial actions required for the ships to pass either a full visual or an instrumented TEMPEST inspection.7) As such the ships are not allowed to have classified ciphering materials, scramblers, classified software, or classified operating systems on board as adding these systems to the ship would result in the unauthorized disclosure of classified information.8) The ships have to fully clear both a SERIES of visual inspections during build out, then a simulator inspection (which is often not performed), then an instrumented inspection, and they apply for a interim authority to operate, and with this IATO they can load the ciphers and software that will allow them to pass classified information into the C4ISR systems on-board the ships.9) But, this assumes that the C4ISR systems themselves have been deemed secure independent from the TEMPEST testing. TEMPEST deals with the hardware side of the problems, but the C4ISR systems must also pass a series of standards that deals with finding backdoors in the computers and evaluating weak points in the software and firmware. There is significant documentation that the systems on board these ships also failed the software security examinations as well as the TEMPEST inspections.10) Once everything passes the actual authority to operate (ATO) is granted, the C4ISR systems becomes live with classified signals and data, and the next phase of testing can be undertaken.11) At this point you would normally perform NONSTOP evaluations and search for any HIJACK vulnerabilities (you have to have classified data and all communications systems usable and data seamlessly flowing to do this,) and would then begin the classified testing.12) Once the government fully takes over the ship, but before it is dispatched on a real-world mission the ship would normally be subjected to a TSCM or Technical Surveillance Measures inspection to ensure that no eavesdropping devices are present. During this TSCM inspection, the TEMPEST inspection would be repeated to include the visual and instrumented inspection that would be far more rigorous then the original TEMPEST inspections.13) It would be highly desirable for the TSCM team, and the TEMPEST inspectors involved in these final series of inspections to not have any prior involvement in prior Deepwater ships, no links to ICGS, and no links to Lockheed,Mind SetThe mind-set of a TEMPEST inspector is that nothing is there until you can prove otherwise. Their job is to stop or limit compromising emanations and the technical leaks of classified information.A TSCM inspector on the other hand always assumes that an eavesdropper is active or that a bugging device is present until they can scientifically prove otherwise. As you can see a TEMPEST, inspection has a different assumption then that of a TSCM inspection that is why both need to be performed before a vessel is operated in earnest.The Bottom LineThese ships have since been decommissioned due to the hulls cracking and water leaks, due to a poorly designed modification and shoddy workmanship. There is good reason to believe they will never be in service again. Once the hulls cracked, all efforts to resolve the TEMPEST problems appear to have been completely suspended.The Coast Guard now has eight worthless ships, for which they wasted $64 million dollars… how much money have they wasted on other assets that do not work, and will the new National Security Cutter be as equally a monumental failure… will it actually float, or will it too develop huge cracks in the hull and massive leaks of classified information?RecommendationsSalvage all usable electronics, tactical, and mechanical equipment from all eight cutters.Sell the stripped ships for scrap metalDemand a partial refund of monies from ICGS, and consider DLA debarment proceedings the responsible contractors for fraud.Immediately suspend all projects associated with ICGS and with Lockheed Martin in regards to the Deepwater program until all Coast Guard assets have been completely brought up to par, and completely re-inspected from scratch.Request that this Committee and the U.S. Department of Justice investigate the faulty workmanship that caused the hull cracks, and all other shoddy workmanship present on this project, and that criminal proceedings be undertaken should such be warranted.Request the U.S. Department of Justice immediately initiate a counterintelligence investigation into the TEMPEST flaws on these ships to determine if these flaws were the result of the efforts of a foreign government, or merely just shoddy design and workmanship.Request the U.S. Government, and more specifically the TEMPEST engineers and students from the National Security Agency be allowed to examine this ship as a "lesson learned" program before the ships are dismantled or stripped. By studying the problems (that still doubtlessly exists) in these ships, the national TEMPEST and TSCM can be enhanced as a whole by learning from these mistakes. This would turn these eight ships into a temporary training range for the TSCM and TEMPEST profession.Conduct an investigation into the entire Coast Guard TEMPEST program to determine the extent to which the USCG was, or is issuing waivers in lieu of legitimate TEMPEST inspections, installations, maintenance, and repairs.It appears that none of the ships has ever actually passed a TEMPEST inspection, and that a huge number of major flaws were found on all ships, and that after the first four of ships grossly failing that the stopped all TEMPEST testing for the second four ships.In order to perform a TEMPEST, NONSTOP, and HIJACK testing you must have all operational gear installed and active. If the piece of equipment requires a key to operate (such as the ARC-210) you use a testing key or a simulator during the testing, and then once you have IATO authority to operate you can load up the real keys and software, and retest.Your Committee also needs to request the work schedules of all USCG, and SPAWAR TEMPEST employees and contractors to see how often they went out to the shipyard before the instrumented tests, and then investigate their activities during the periods of interest. Essentially, you want to see all of their movements and activities during the entire deepwater program.In my professional opinion none of the ships (all 8 of them) are capable of passing either a visual or an instrumented TEMPEST examination, but rather failed miserably, which required that the government hold back money until the failure points were corrected. There this minimal documentation that any of these problems were actually fully corrected after delivery (other then a few minor problems, when the major problems were ignored).The bottom line, is that based on the documents I have reviewed these ships are all a major liability to our national defense.It is possible that the USCG has corrected the entire problem, and has had the ships subjected to a new visual and instrumented inspection, but there is no documentation to even hope that they have done this.The Coast Guard has been very obstructive to this inquiry, has not been reasonably responsive in providing information, and instead provides mere fragments. They seem to issuing glowing press releases about the Deepwater program instead releasing the documents detailing the TEMPEST and other problems. In a nutshell, the Coast Guard has been giving this committee nothing but lip service.While the Navy did not actually certify the TEMPEST inspections, but were merely contractors that performed the instrumented tests, while the Coast Guard performed the visual inspections.Instead, the Coast Guard "self certified" themselves, but lacked the technical competencies and equipment to perform the instrumented TEMPEST tests on their own. This is a tell-tale sign that the USCG should not have been involved in their own TEMPEST program at all. The Navy SPAWAR does issue "pass/fail" recommendationson USN installations, but they specifically do not do that for the Coast Guard.After carefully studying the documents relative to the Coast Guard Deepwater program I have become reasonably convinced that there has likely been criminal conduct and gross negligence on the part of one or more Coast Guard, and Navy employees or members, and that there has likely also been criminal conduct and gross negligence on the part of the contractor, and subcontractors in a secondary capacity.In my professional opinion the bungling of the Deepwater 123' program (as least on the TEMPEST, COMSEC, Ciphering, and Technical Security side) has resulted in the "losing defense information" and the unauthorized disclosure of classified information, codes, ciphers, and related systems as defined by Title 18, Sec. 793, and Section 798 due to gross negligence.It is my professional opinion that by the Coast Guard operating these ships absent proper TEMPEST inspections that they, the Navy, and the contractor have disclosed highly classified information to our enemies.The issuing of these TEMPEST waivers is the smoking gun, and I feel that they are only the tip of the proverbial iceberg.If the Navy had even the slightest idea that waivers were being claimed and that the problems were not being corrected (bur rather falsified or the records doctored) they were duty bound to notify the cognizant authorities that the ships did not meet NSA TEMPEST standards, and hence to move to revoke any waivers.I believe that the proper terminology is "accessory before the fact", as SPAWAR knew of upcoming illegal activities involving the disclosure of classified information, and while they may not have been the certifying authority for the USCG, he had full knowledge that at least one or more ships failed.If the USCG is not qualified to perform these instrumented tests themselves, then they are not qualified to issue the waivers either. It is a bit of a double-edged sword of many excuses."TEMPEST waivers for any visual discrepancies" can also called "doctoring a TEMPEST inspection," since they could not get the ship to actually pass the inspection they covered the discrepancies with waivers and falsified documents. In some circles this is also called "pencil whipping" the inspection.The results of the instrumented TEMPEST inspection are not classified, the actual report is classified, or more specifically 10% of the final report is classified. I would point out that during the DD250 that the USCG discloses that both the visual and instrumented inspections failed.IATO and ATO can be granted if all of the TEMPEST visual and instrumented violations where falsified with "waivers". They could have also issued waivers for screen doors on submarines, but that does not mean that the submarines will be any safer or more secure.The "Coast Guard 123 WPB class TEMPEST waivers" comments means that the Coast Guard just decided to abandon the TEMPEST standards and inspections right after PADRE failed (again), but gave PADRE Authority to Operate anyway (with falsified TEMPEST waivers). So discovered that the only way to get the ships to pass was to not inspect them in the first place.SPAWAR's Involvement and CommentsAccording to the Navy, visual inspections are normally conducted first so that discrepancies can be corrected before the instrumented test, which is comparatively both expensive and time consuming. However, there is no technical reason to preclude doing both at the same time. Scheduling is a USCG decision. They do not recall when the visual inspection was done since SPAWAR did not perform the visual inspection. The USCG may have performed the visual inspection during the first day since SPAWAR had the night shift. SPAWAR recalls having information about visual discrepancies during the test, but do not recall the details. However, it was SPAWARs understanding at the time that Lockheed Martin did not intend to correct visual discrepancies, so there was no reason to perform the visual inspection in advance of the instrumented test.Lockheed Martin/ICGS has stated that they were not responsible for TEMPEST; SPAWAR claimed that they could only run the instrumented tests, but could not certify anything. The Coast Guard lacked the expertise, equipment, or resources to perform their own inspections so it turned into a case of everybody claimed that someone else was responsible for the problem.SPAWAR tested two 123' hulls, the USCGC Matagorda in February 2004 and the USCGC Padre in July 2006. SPAWAR did not track or record installation changes between the hulls, nor was that a requirement--SPAWAR just tested what was equipment was there when they conducted the test. The test results are again classified. SPAWAR did not make a recommendation, either for or against, TEMPEST certification in the report for the Padre.The Coast Guard and ICGS is Playing GamesWhile MIL-HDBK-232A does involve many TEMPEST topic matters it is not the "Core Document", nor should it be considered "THE" TEMPEST standard by any means. If MIL-HDBK-232A is the only document, which they list as the only contractual requirement, then there was never any formal requirement for TEMPEST compliance in the program, only a specification of distances between equipment and cables.The Coast Guard had admitted that the only standard or protocol that they required for TEMPEST certification was only one publications, that being "MIL-HDBK-232A"A list of relevant government standards, which should have been listed within the contracts and the designs, are amended to this document.When the ships began failing all of their TEMPEST inspections the issue of "other standard and specifications" started being brought up. While we initially see that the USCG and SPAWAR quoted violations in regards to NSTISSAN 2-95 and IA PUB 5239-31, but in October 2005, the USCG inspector began trying to apply Air Force standards to the matter at hand to obtain a waiver.This dragging in an Air Force standard is a case of "document shopping" where the Coast Guard and/or ICGS didn't like what the NSA standards for TEMPEST said, so they shopped around for another government standard that they could quote that would let them get away with a waiver of a dangerous situation.This is akin to a child not liking the answer one parent give them, only to run to the other parent to ask the same question in order to get an override.The interesting issue here is that by seeking a waiver under AFMAN 33-214V2, the Coast Guard states that cheap Mylar/foil shielding may be used in cases where the digital signals are less the 5,000 bits per second (or 5Kbps). The CAT 5E cables that are at issue are actually capable of speeds up to, and in excess of 100 million bits per second (or 100Mbps), or twenty thousand times faster. If the cable were merely used for ISDN communications for a STE connection then the data speeds involved would be 192kbps, which is 38 times faster then the USAF specification. In either regards, brining up an Air Force specification, as an excuse as to why he Coast Guard should issue a waiver on the matter is ludicrous, but it also shows just how desperate the Coast Guard was to cover up the problem.In SummaryI have serious discomfort and grave concerns with the prospect of any further asset deliveries, given what I have seen by studying documents regarding the Deepwater program… the men and women of the Coast Guard have a tough job to do, and they deserve better then ships that leak, and are unusable.It has been on honor to be of service to my country in this matter, and an honor to render assistance to this committee.Thank you,James M. Atkinson---------------------------------------------------------------------------------------------------- World Class, Professional, Ethical, and Competent Bug Sweeps, andWiretap Detection using Sophisticated Laboratory Grade Test Equipment.---------------------------------------------------------------------------------------------------- James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 Web:
http://www.tscm.com/ Gloucester, MA 01931-8008 E-mail: mailto:jmatk[at]tscm.com---------------------------------------------------------------------------------------------------- We perform bug sweeps like it's a full contact sport, we take no prisoners,and we give no quarter. Our goal is to simply, and completely stop the spy.----------------------------------------------------------------------------------------------------