Many in the security field focus on hardening data networks against hackers and malware, but voice conversations often require the highest level of protection too. For government agencies and contractors, the need is obvious: having the ability to discuss classified information in full confidence that it will not be overheard, intercepted, stolen or leaked.

Sensitive Compartmented Information Facility

This is where a SCIF comes in: a Sensitive Compartmented Information Facility. Typically, this is a purpose-built room in a building or a portable enclosure where sensitive phone conversations can take place in complete privacy. SCIFs are accredited for use by the Federal government with standards defined by the defense and intelligence communities.

To achieve this level of security, SCIF defines building requirements that greatly exceed those achieved by typical commercial construction. Walls, ceilings and floors, for example, must use special materials to prevent leakage of electromagnetic or radio frequencies that might be monitored and collected by lurkers for unintended uses. The surfaces can be even be “hardened” with noise generators that radiate a blend of frequencies to produce a sound like running water or static.

All telephone, electrical power, security systems, data and emergency systems must be dedicated to and contained within the SCIF. Any utility that enters the SCIF must terminate there and not traverse the space. Where the conduit for any of these systems penetrates the SCIF perimeter, they must be hardened to minimize the chance of compromise.

Duct work, for example, must be equipped with steel bars, welded at the intersections, with inspection ports inside the SCIF. The openings, duct work and duct breaks must be specially fabricated to prevent signal leakage.

The SCIF door and frame assembly also must prevent signal leakage, and must employ two access control technologies: one for daily use and one for secure lock up when the SCIF is unattended for long periods.

Secure, Certified Phones

To help defense, intelligence and civilian agencies protect sensitive information, the phones used within the SCIF must be certified by the Committee on National Security Systems (CNSS) to ensure compliance with electrical and acoustical guidelines.

If the manufacturer substitutes any component that alters a phone’s electrical or acoustical characteristics, it must be resubmitted for CNSS certification.

Phones are randomly selected for testing one calendar year after CNSS approval to ensure continued compliance with the guidelines.

Cabling and Network Infrastructure

In the case of structured cabling and network infrastructure, projects must follow security specifications required to receive site survey certification and approval. Each aspect of the network requires special attention, including:

• Shield Twisted Pair / Fiber / Hybrid Infrastructure
• Wire-ways / Conduit / Transport
• Cabinets / Main Distribution Frame / Communications Closet
• Station Drops / Cabling
• Labeling / Inspection / Administration

Putting it all Together

The growing number of attacks on enterprise data networks, their increasing sophistication and persistence, and the emergence of a new breed of cyber criminals intent on stealing or ransoming sensitive information all point to the need for tighter security measures.

When it comes to protecting sensitive voice communications, federal agencies and contractors have a proven solution – SCIF. Partnering with an experienced technology provider can streamline the accreditation process, prevent implementation delay, and facilitate the safe discussion of private information.

Jeff Nolte is President and CEO of CTS, a leading Voice and IT services provider based in Millersville, Maryland. He may be reached at (800) 787-4848 or jnolte@ctsmd.us.