TÜV SÜD Product Service has been appointed by CESG, the information security arm of GCHQ and UK’s National Technical Authority for Information Assurance (IA), as the UK’s only commercial laboratory accredited to perform Tempest first-of-type platform testing.
Unintentional signals from Information and Communications Technology (ICT) equipment, on board platforms such as military vehicles, may make sensitive data vulnerable. The TEMPEST service helps manufacturers and users understand its level of electromagnetic vulnerability, so that counter-measures can be in place. Besides performing first-of-type platform testing, TÜV SÜD can perform in-service TEMPEST testing to Ministry of Defence (MoD) requirements.
Jean-Louis Evans, Managing Director of TÜV SÜD Product Service, said: “Security, for both the military and other government departments, is about understanding the vulnerabilities associated with radio frequency emanations ICT equipment and mobile platforms processing classified information.
“Our appointment as the UK’s only commercial TEMPEST first-of-type test laboratory is testament to TÜV SÜD’s pedigree in EMC conformance testing. We have a strong international reputation for impartiality and familiarity with an extensive range of ICT products, as well as experience of working with many governments and NATO.”
This appointment extends TÜV SÜD’s TEMPEST service beyond the accreditation it received from CESG in 2012, which allows TÜV SÜD to evaluate and certify products on under the CESG Formal TEMPEST Certification Scheme (CFTCS). Manufacturers will have to undergo regular TEMPEST production audits to achieve and maintain certification for their ICT equipment, so that compromising electromagnetic emanations remain within the limits defined in NATO standards. Visit: www.tuv-sud.co.uk.
Meanwhile the benchmark scheme certifying cyber security training, the former CESG Certified Training (CCT) was rebranded as GCHQ Certified Training (GCT) on January 1. Under its new name it will continue to certify cyber security training and trainers, helping IT users and organisations navigate the cyber training market and identify training courses.
The new name recognises that GCHQ is a more widely known brand, and is already used to certify cyber security master’s degrees and to acknowledge cyber security research.
The criteria for GCT are based on the IISP Skills Framework, which also underpins the CESG Certified Professional (CCP) scheme and the GCHQ certified Cyber Security Masters degrees. APMG is responsible for ensuring training providers meet GCHQ standards and is GCHQ’s independent Certification Body for certified training.
A GCHQ spokesperson commented: “One of the biggest challenges for the UK in cyberspace is developing enough skilled people. Vital to building cyber skills is having relevant and high quality cyber security training. GCHQ Certified Training helps to deliver that by providing confidence in cyber security training providers and the courses they offer.”
