One of the most serious technical security liabilities in any modern work environment is the presence of telecommunications equipment with built-in microphones and speakers. Unfortunately this threat
extends to a mobile work environment where Fixed Wireless Terminals (FWTs) are mounted in vehicles. A Fixed Wireless Terminal, (alternatively known as a Wireless Voice Terminal, Fixed Wireless
Telephone, or Fixed Cellular Terminal) is a device that typically uses commercial cellular networks to provide POTS (plain old telephone service) and/or broadband internet service. These devices can be
used in stationary locations or in mobile applications such as in vehicles and boats. However, FWTs and the standard telephones used in conjunction with FWTs are not designed with audio security in
mind and are subject to surreptitious audio surveillance. As such, when used in a U.S. government Accredited Facility (AF) or in a commercially owned Private Secure Area (PSA), these mobile
telecommunications systems must be secured with Committee on National Security Systems (CNSS) approved devices.
Therefore, in order to defeat the audio surveillance threat inherent in vehicle mounted FWT-based telephones, Vector Technologies has developed a Secure Mobile Telecommunications System
(SMTS) that provides the same on-hook audio security required for telephones located in U.S. federal government Sensitive Compartmented Information Facilities (SCIFs). This is accomplished by
incorporating CNSS-approved isolation devices into the SMTS. To Vectorâ€™s knowledge such a CNSSapproved mobile telecommunications system has never before existed.
For several decades, the U.S. federal government has recognized the technical surveillance threat from telephone equipment located in areas where sensitive government information is discussed. The
problem comes from commercial off-the-shelf (COTS) telephones that can pick up nearby audio even while the telephone handsets are on-hook. Essentially, any conversation within earshot can be picked
up by the microphones and speakers built into a standard COTS telephone even when the telephone is hung up. Unfortunately, this audio can then be transmitted out of the facility via the connected
telephone lines and potentially exploited by adversaries.
While the transmitted audio signal strength is usually very weak, modern amplifiers with simple contact leads can recover the transmitted audio well outside the area of origin. In addition, modern audio
forensic software and hardware equipment can be used to enhance the intelligibility of any surreptitiously gathered room audio. To make matters worse, this type of technical surveillance attack is
essentially impossible to detect. It is a passive attack that simply requires access to the targeted telephone line but does not require access to the targeted area.
As with COTS telephones located in office environments, vehicle mounted telephone systems are also susceptible to the same on-hook audio surveillance attacks. Since COTS vehicle mounted FWTs and
COTS telephones are not designed for on-hook audio security, it may be possible to surrepetitiously dial into FWTs and tap into the very weak on-hook audio signals from the non-CNSS-approved
telephones. Essentially when FWTs and non-CNSS-approved telephones are combined into a single telecommunications system it becomes a â€œmobile bug.â€ This combination of technologies is the
equipvalent of a Portable Electronic Device (PED), such as a cellular telephone that can be remotely activated without the knowledge of the user to conduct audio surveillance. This vehicle mounted
COTS telephone system is the same type of telephone system that the U.S. government worries will be used for surrepetitious audio surveillance in sensitive areas.
The only way to ensure absolute telephone security is to exclude telephones from sensitive discussion areas. However, in today’s communications-oriented environment, that solution is impractical. As a
result, the National Telephone Security Working Group (NTSWG), formerly the Telephone Security Group (TSG), developed standards to provide countermeasures against the security weaknesses of
telephone equipment. The NTSWG is the primary technical and policy resource for all aspects of the U.S. technical security program involving telephone systems and is sanctioned by the CNSS.
According to the NTSWG there are two acceptable methods for attaining on-hook telephone audio security:
I. Use of a CNSS-approved telephone that incorporates security features.
II. Isolation of telephones from uncontrolled lines (or uncontrolled FWTs).
III. Use of either CNSS-approved telephones or isolation measures is sufficient to provide on-hook audio security. In addition, neither approach is regarded as being better than the other.
Historically, there have been two categories of “CNSS-approved telephones,” (1) NTSWGapproved
telephones (yes, confusing) and (2) NTSWG-type accepted telephones.
A NTSWG-approved telephone provides all necessary security features as intrinsic properties of the telephone itself. (NTSWG-approved telephones should have been called â€œNTSWG-validated
telephonesâ€ to eliminate any confusion.) These telephones have been technically evaluated (tested) by NSA for the NTSWG and have been determined to meet all applicable on-hook telephone audio
security criteria. Specifically, the NSA’s FABLER Lab carried out telephone equipment testing and evaluations for the NTSWG on new and/or modified telephone equipment. The purpose of the FABLER
Lab testing was to identify telephones for the NTSWG to include on the list of CNSS-approved telephones found in CNSS Instruction No. 5006.
NTSWG-type accepted telephones are telephones that the NTSWG has evaluated in response to a formal application by its manufacturer, and has been approved and awarded a CNSS type-acceptance
number. The NTSWG telephone type-acceptance program is the primary vehicle for evaluating commercial telephones for CNSS approval. The NTSWG has issued type-acceptance standards that
specify the on-hook security design, construction, and performance characteristics required for various genres of telephones and type-acceptance classes. A telephone conforming to these standards
contains specific physical disconnect and isolation measures that ensure:
– It cannot be caused to produce on-hook audio unless modified internally.
– Its basic design does not facilitate modifications that could compromise audio security.
– It can be easily inspected both physically and electrically to verify that the security measures are intact.
Line isolation may be achieved by the use of CNSS-approved line isolation devices, CNSS-approved line disconnect devices or CNSS-approved computerized telephone system installation. The purpose of line
isolation is to separate the telephone from the uncontrolled line when the telephone is not in use. Telephone line isolation and disconnect devices prevent audio signals originating at the on-hook
telephone from passing to uncontrolled telecommunications media. The line isolation or disconnects are interposed in the telephone line within the physically protected space to eliminate the hard-wire
conduction path when the telephone is on-hook.
For both isolators and disconnects, when the telephone is on-hook, all electrical connections to unprotected lines are completely severed. However, when a telephone is actually in use, signals must
pass to the line for communication to take place. During use, isolators establish a temporary communication channel between the off-hook telephone and the unsecured line without using metallic
connection, whereas disconnects provide a temporary metallic connection.
An approved isolator or disconnect device is one that has been evaluated by NTSWG and found to reliably prevent the passage of on-hook audio. CNSS Instruction No. 5006 provides information on approved
isolators and disconnects.
CNSS Instruction No. 5006, “National Instruction for Approved Telephone Equipment,” formerly the TSG Standard 6, “Telephone Security Guide Standards,” is the primary authority and recognized source of
CNSS-approved telephone security equipment. This equipment has been specifically evaluated by the NTSWG for security effectiveness.
CNSS Instruction No. 5006 applies to ALL telephony security equipment and/or systems that currently reside, or will reside, in U.S. federal government or U.S. federal government-sponsored contractor spaces
where national security systems are employed and/or within environments where classified national security information is discussed, stored, processed, transmitted, or when used as a point of isolation in
accordance with Telephone Security Group (TSG) Standard 1, “Introduction to Telephony Security,” March 1990, and, as amended, by Telephone Security Group (TSG) Standard 2a, “NTSWG Guidelines for
Computerized Telephone Systems Supplemental,” March 2001.
Simply stated, a CNSS-approved telephone security system must be used at any location where classified information is discussed and telephone equipment is used. Whether the telephone equipment is used for
unclassified discussions, SECRET discussions or SCI discussion, the telephonic equipment system MUST use some type of CNSS-approved telephone security equipment.
The Vector SMTS consists of an enclosure that is almost identical to the Vector Guardian G2 Portable Electronics Device (PED) Countermeasures Box but repurposed to provide on-hook audio security for non-
CNSS-approved/COTS telephones used with FWTs. The Vector SMTS incorporates the following features:
1. COTS FWT unit(s) with telecommunications provided by major telecommunication carriers
2. CNSS-approved isolation device(s).
3. Non-CNSS-approved/COTS telephone(s)
4. Active sound masking
5. A compartment for secure PED storage of at least 10
With a Vector SMTS solution, any conveyance such as a vehicle or boat can be equipped with a mobile telecommunications system that provides the same on-hook audio security required for telephones located
in the most sensitive U.S. government facilities. Without a Vector SMTS solution, any conveyance equipped with a COTS FWT should be designated as a non-discussion area as a means to protect National
Security Information (NSI) or to protect private information. Otherwise, conversations talking place in conveyances equipped with FWTs and non-CNSS-approved telephones are subject to surreptitious audio
surveillance and unauthorized disclosure of NSI or unauthorized disclosure of private information.