Every SCIF has a unique identification (UID) based on its full
spectrum of construction materials, dimensions and MEP
characteristics. Each compromises itself by inadvertent
signals, or rather signals not usually or easily intercepted.
Same for each building and building site above and below
the surface.
Conventional SCIF design characteristics which are in the
public domain do not cover the full spectrum, typically
only the EM. Like CryptoAG and other ruses, SCIFs are
quite collectible behind the EM mask.
Similarly, TEMPEST characteristics which are in the public
domain do not cover the full spectrum of collectible
signals and metrics of compromising emanations.
Some similarity to lie detection ruses.
There are likely other ruses, as customary comsec
disinformation hardly restricted to crypto.
Now could that be what BadBIOS is up to? A leak of
disinfo for those which have limited interception and
analysis equipment? Still, it is a fine story about the many
levels of comsec onion ot be peeled.
At 09:52 AM 11/1/2013, you wrote:
- > perhaps i misunderstand it, though must 'resonance'
- > be audibly acoustic, and would a SCIF actually defend
- > against "vibrations" at all frequencies.
the question highlights how ill-suited the 'spy agencies'​​ are for
conducting asymmetric anything.
Unless they had a Brain inside think of a mechanism and explain it to an
Engineer to propose to a Facilities Security Manager who obtained
confirmation from a Director, they would be vulnerable.
For instance, TEMPEST security - every SCIF has it because inside it was
well documented/implemented. Â SEISMIC security - no SCIF*** is isolated
from seismic vibrations modulated with data. Â So, to ex-filtrate data,
have those passing circus elephants stomp their feet in predetermined
patterns. Â Or make one of those "Dune" style thumpers. Â The
worms in this case being .... ?
*** I'm suppose some very few SCIFs are vibration isolated for various
reasons, but not as an exfil channel.
-daniel