A TEMPEST vulnerability prediction method for cyber security practitioners

Sensitive information can have its security compromised by unintentional electromagnetic emissions from the information technology equipment (ITE) being used to process it. It is important to assess the likelihood of a potential compromise, and this requires radio frequency (RF) engineering expertise to predict the likelihood of the vulnerability occurring. This paper describes the development of a fuzzy inference system that can be used to assess the radiated and conducted vulnerability likelihood of unintentional electromagnetic emanations. The system has the potential to be a valuable tool for cybersecurity practitioners without RF expertise. The system has been tested on office-based ITE devices, and it is effective in predicting the likelihood of radiated and conducted vulnerabilities occurring. Areas of future work include extending the fuzzy inference system to use RF propagation models and enabling it to make vulnerability likelihood predictions after countermeasures have been applied.