1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T K.81 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (06/2016) SERIES K: PROTECTION AGAINST INTERFERENCE High-power electromagnetic immunity guide for telecommunication systems Recommendation ITU-T K.81 Rec. ITU-T K.81 (06/
2、2016) i Recommendation ITU-T K.81 High-power electromagnetic immunity guide for telecommunication systems Summary In an information security management system (ISMS) based on Recommendation ITU-T X.1051 and ISO/IEC Standards 27001 and 27002, physical security is a key issue. The electromagnetic inte
3、rference caused by a high-power electromagnetic (HPEM) attack and the ability to intercept information due to unintentional electromagnetic emissions of equipment are significantly determined by the applied physical security measures. When information security is managed, it is necessary to evaluate
4、 and mitigate the threat to either the equipment or the site. This threat is related to “vulnerability“ and “confidentiality“ in ISMS. Recommendation ITU-T K.81 presents guidance on establishing the threat level presented by an intentional HPEM attack and the physical security measures that may be u
5、sed to minimize this threat. ITU-T K-Supplement 5 provides the calculation results of the intentional HPEM threats. The HPEM sources considered are those presented in IEC 61000-2-13, as well as some additional sources that have emerged more recently. Recommendation ITU-T K.81 also provides informati
6、on on the vulnerability of equipment. The example of vulnerability is provided in ITU-T K-Supplement 5. The equipment is assumed to meet the immunity requirements presented in Recommendation ITU-T K.48 and relevant resistibility requirements, such as those described in Recommendations ITU-T K.20, IT
7、U-T K.21 and ITU-T K.45. The 2016 version of this Recommendation deletes Appendices I, II and III, which were republished as Supplement 5 to Recommendation ITU-T K.81. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T K.81 2009-11-29 5 11.1002/1000/10018 2.0 ITU-T K.81 2014-08
8、-29 5 11.1002/1000/12287 3.0 ITU-T K.81 2016-06-29 5 11.1002/1000/12877 Keywords Electromagnetic security, high-power electromagnetic, HPEM, IEMI, immunity, resistibility, electrostatic discharge. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web bro
9、wser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T K.81 (06/2016) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication t
10、echnologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Te
11、lecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some
12、 areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized
13、 operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words
14、“shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the
15、 practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation d
16、evelopment process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are th
17、erefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2016 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T K.81 (06/2016) iii Table of Contents Page 1 Scope .
18、 1 2 References . 1 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 2 4 Abbreviations and acronyms 3 5 Threat evaluation 4 5.1 Definitions of threat portability levels 4 5.2 Definition of the intrusion area . 4 5.3 Definition of threat availability levels 6 5
19、.4 Examples of threat devices . 6 6 Vulnerability of devices to be protected . 7 6.1 Definition of vulnerability classifications 7 6.2 Examples of vulnerability of various equipment types to be protected . 8 7 Determination of EM mitigation levels 9 7.1 General . 10 Bibliography. 12 Rec. ITU-T K.81
20、(06/2016) 1 Recommendation ITU-T K.81 High-power electromagnetic immunity guide for telecommunication systems 1 Scope This Recommendation presents guidance on: establishing the threat level presented by an intentional high-power electromagnetic (HPEM) attack on an electronic device or system; the ph
21、ysical security measures that may be employed to reduce this threat level; establishing the vulnerability of the equipment (or system) to be protected from a HPEM attack. When establishing detailed countermeasures to HPEM attacks, it is extremely important that the threat level (strength) of the att
22、ack be adequately estimated. Underestimation means that the applied countermeasures will be insufficient and hence increases the risk that equipment may malfunction; whereas overestimation means that the applied countermeasures may add significant (and unnecessary) cost to the equipment or system. E
23、stimation of the threat level (strength) is calculated using sources such as the IEC Standards, as well as the independent market studies performed during the preparation of this Recommendation. The vulnerability of the electronic device (or system) to be protected is based on either an assessment o
24、f the standards that the electronic device (or system) satisfy, or the results of independent evaluation (i.e., testing) of a sample device. The threat and vulnerability levels considered within this Recommendation reflect the technology levels current as of 2016. Hence, it is expected that this Rec
25、ommendation will require periodic review in the light of ongoing technological change in order to remain current. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time
26、of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A li
27、st of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T K.20 Recommendation ITU-T K.20 (2015), Resistibility of telecommunication equipment instal
28、led in a telecommunications centre to overvoltages and overcurrents. ITU-T K.21 Recommendation ITU-T K.21 (2015), Resistibility of telecommunication equipment installed in customer premises to overvoltages and overcurrents. ITU-T K.42 Recommendation ITU-T K.42 (1998), Preparation of emission and imm
29、unity requirements for telecommunication equipment General principles. ITU-T K.43 Recommendation ITU-T K.43 (2009), Immunity requirements for telecommunication network equipment. ITU-T K.44 Recommendation ITU-T K.44 (2012), Resistibility tests for telecommunication equipment exposed to overvoltages
30、and overcurrents Basic Recommendation. 2 Rec. ITU-T K.81 (06/2016) ITU-T K.45 Recommendation ITU-T K.45 (2015), Resistibility of telecommunication equipment installed in the access and trunk networks to overvoltages and overcurrents. ITU-T K.48 Recommendation ITU-T K.48 (2006), EMC requirements for
31、telecommunication equipment Product family Recommendation. ITU-T K.66 Recommendation ITU-T K.66 (2011), Protection of customer premises from overvoltages. IEC 61000-2-13 IEC 61000-2-13 (2005), Electromagnetic compatibility (EMC) Part 2-13: Environment High-power electromagnetic (HPEM) environments R
32、adiated and conducted. IEC CISPR 24 CISPR 24 (2010), Information technology equipment Immunity characteristics Limits and methods of measurement. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 availability b-ISO/IEC 27002: Ensuring tha
33、t authorized users have access to information and associated assets when required. 3.1.2 emanation b-IETF RFC 2828: A signal (electromagnetic, acoustic, or other medium) that is emitted by a system (through radiation or conductance) as a consequence (i.e., by-product) of its operation, and that may
34、contain information. (See: TEMPEST.) 3.1.3 integrity b-ISO/IEC 27002: Safeguarding the accuracy and completeness of information and processing methods. 3.1.4 tempest b-IETF RFC 2828: A nickname for specifications and standards for limiting the strength of electromagnetic emanations from electrical a
35、nd electronic equipment and thus reducing vulnerability to eavesdropping. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 confidentiality: Ensuring that information is accessible only to those authorized to have access. Information leakage due to insuf
36、ficient electromagnetic emanations security (EMSEC) is a risk to this confidentiality. In this Recommendation, if the equipment cannot be EM mitigated itself, the emission values of existing electromagnetic compatibility (EMC) requirements indicate the level of this confidentiality. 3.2.2 EM mitigat
37、ion: The preparations made to avoid either: a malfunction due to a vulnerability caused by high-altitude electromagnetic pulses (HEMP) or high-power electromagnetic (HPEM) emissions, or a lack of confidentiality due to an insufficient electromagnetic emanations security (EMSEC). The level of the EM
38、mitigation of the equipment can be calculated from the threat level and the vulnerability level. 3.2.3 electromagnetic emanations security (EMSEC): Physical constraints to prevent information compromise through signals emanated by a system, particularly the application of TEMPEST technology to block
39、 electromagnetic radiation. Rec. ITU-T K.81 (06/2016) 3 In this Recommendation, EMSEC means only information leakage due to unintentional electromagnetic emission. 3.2.4 threat: A potential security violation that arises from taking advantage of a vulnerability caused by high-altitude electromagneti
40、c pulses (HEMP) or high-power electromagnetic (HPEM) emissions, and which could lead to a lack of confidentiality due to insufficient electromagnetic emanations security (EMSEC). The level of a HPEM threat is defined by the intrusion area, the portability and the availability but also by the strengt
41、h of the electromagnetic field. 3.2.5 vulnerability: The possibility that the equipment does not function correctly when exposed to HEMP or HPEM. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: AM Amplitude Modulation ASP Application Service Provider C
42、B Citizen Band CSP Contents Service Provider CW Continuous Wave DB Database DC Direct Current EM Electromagnetic EMC Electromagnetic Compatibility EMSEC EM emanations Security ERP Enterprise Resource Planning FET Field Effect Transistor FM Frequency Modulation FTP File Transfer Protocol GTEM Gigaher
43、tz Transverse Electromagnetic HEMP High-altitude EM Pulse HF High Frequency HPEM High Power EM IGBT Insulated Gate Bipolar Transistor IP Internet Protocol IRA Impulse Radiating Antenna ISMS Information Security Management System ISP Internet Service Provider IT Information Technology LAN Local Area
44、Network MSP Management Service Provider NEBS Network Equipment Building Systems 4 Rec. ITU-T K.81 (06/2016) PC Personal Computer SE Shield Effect TCP Transfer Control Protocol VSWR Voltage Standing Wave Ratio 5 Threat evaluation In order to evaluate a threat, it is necessary to consider its: portabi
45、lity level; intrusion areas, and availability level. 5.1 Definitions of threat portability levels This Recommendation defines the four levels of threat portability presented in Table 1. Table 1 Definitions of threat portability levels Threat portability level Definition PI Pocket-sized or body-worn
46、(Note 1) PII Briefcase or backpack sized (Note 2) PIII Motor-vehicle sized (Note 3) PIV Trailer-sized (Note 4) NOTE 1 This portability level applies to threat devices that can be hidden in the human body and/or in clothing. NOTE 2 This portability level applies to threat devices that are too large t
47、o be hidden in the human body and/or in clothing, but that are still small enough to be carried by a person (such as in a briefcase or a back-pack). NOTE 3 This portability level applies to threat devices that are too large to be easily carried by a person, but small enough to be hidden in a typical
48、 consumer motor vehicle. NOTE 4 This portability level applies to threat devices that are too large to be either easily carried by a person or hidden in a typical consumer motor vehicle. Such threat devices require transportation using a commercial/industrial transportation vehicle. 5.2 Definition o
49、f the intrusion area This Recommendation recognizes the concept of intrusion area. This concept indicates both: the portability levels of threat device(s) that may be present; the typical minimum separation distance that may be achieved between the threat device and the electronic equipment to be protected. The concept of intrusion area is depicted in Figure 1 and summarized in Table 2. Intrusion area Zone 0 applies to the public spaces surrounding the site or building that houses the equipment to be prot
