Every SCIF has a unique identification (UID) based on its full spectrum of construction materials, dimensions and MEP characteristics. Each compromises itself by inadvertent signals, or rather signals not usually or easily intercepted. Same for each building and building site above and below the surface. Conventional SCIF design characteristics which are in the public domain do not cover the full spectrum, typically only the EM. Like CryptoAG and other ruses, SCIFs are quite collectible behind the EM mask. Similarly, TEMPEST characteristics which are in the public domain do not cover the full spectrum of collectible signals and metrics of compromising emanations. Some similarity to lie detection ruses. There are likely other ruses, as customary comsec disinformation hardly restricted to crypto. Now could that be what BadBIOS is up to? A leak of disinfo for those which have limited interception and analysis equipment? Still, it is a fine story about the many levels of comsec onion ot be peeled. At 09:52 AM 11/1/2013, you wrote:

...

perhaps i misunderstand it, though must 'resonance' be audibly acoustic, and would a SCIF actually defend against "vibrations" at all frequencies.

the question highlights how ill-suited the 'spy agencies'​​ are for conducting asymmetric anything.

Unless they had a Brain inside think of a mechanism and explain it to an Engineer to propose to a Facilities Security Manager who obtained confirmation from a Director, they would be vulnerable.

For instance, TEMPEST security - every SCIF has it because inside it was well documented/implemented. Â SEISMIC security - no SCIF*** is isolated from seismic vibrations modulated with data. Â So, to ex-filtrate data, have those passing circus elephants stomp their feet in predetermined patterns. Â Or make one of those "Dune" style thumpers. Â The worms in this case being .... ?

*** I'm suppose some very few SCIFs are vibration isolated for various reasons, but not as an exfil channel.

-daniel