An RF Shielding Performance Guide to ICS/ICD 705 and NSA 94-106 Design

In recent years, we’ve noticed a growing confusion in the industry over design and performance requirements for sensitive compartmented information facilities (SCIF). Part 2 of this article is intended to highlight the significant difference in the performance of radiofrequency (RF) shielding between facilities designed per ICS/ICD‑705[1] and those intended to meet NSA 94-106[2] performance requirements. We will also highlight some of the design and construction methodologies that lead to significant differences in performance. 

Introduction to SCIF Specifications

As noted in Part 1[3] of this article, there is a common misconception that a SCIF design utilizing ICS/ICD‑705 construction recommendations will achieve the performance requirement set forth in NSA 94-106, the NSA standard for RF shielding performance and testing. Part 1 reviewed the typical construction recommendations identified in ICS/ICD‑705, recommended materials, and typical installation methodologies used. The article further identified differences in typical construction between SCIF designs and facilities designed to meet the performance requirements identified in NSA 94-106 and provided explanations as to how those differences impact RF shielding effectiveness.

Part 2 of this article will highlight some of the methods utilized in ICS/ICD‑705 that limit RF shielding performance and some alternate methods that could increase the RF shielding performance. Further, we will discuss other common deviations that often increase project costs without providing any enhanced RF performance. Finally, Part 2 will document the significant differences in potential RF performance utilizing measurement data collected from a facility built per ICS/ICD‑705 construction methods and a facility designed to meet NSA 94-106 requirements. 

SCIF Overview

Ranging from physical barriers to facilities constructed using RF shielding with construction methods to reduce acoustic noise, SCIF requirements and construction specifications for a given project are based on a host of factors, including the purpose of the facility, surveillance risk, physical location, etc. The risk and vulnerability of the SCIF should be evaluated by the Accrediting Officer (AO) and Site Security Manager (SSM). That evaluation will help inform the selection of the technical measures required for each SCIF application. The project’s Certified TEMPEST Technical Authority (CTTA) will assess the requirements for TEMPEST,[4] providing direction on RF shielding requirements and design.

Despite a clear process for design direction and general construction recommendations established in ICS/ICD‑705, many project documents deviate from the typical ICS/ICD‑705 direction. Those deviations can range from specifying alternate shielding materials to utilizing alternate construction methods to establishing RF performance requirements not supported by the project’s design. These deviations often have a variety of adverse effects from increased project costs to designs that do not support the shielding requirements. This puts all involved, including the facility owners, facility designers, and general contractors, in the challenging position of having to work through the disconnects between design and specified performance, often during the construction phase of a project.

NSA 94-106 Versus ICD/ICS‑705 Performance

In Part 1 of this article, we noted that it is not uncommon for NSA 94-106 RF shielding performance requirements to be specified as part of a project’s requirements for a SCIF using ICS/ICD‑705 wall types and construction methods. Further, many projects will reference what appears to be an arbitrary performance requirement. For example, a project’s specifications may require 60 dB of performance from 1 GHz to 10 GHz, despite the fact that ICS/ICD‑705 does not specify an RF shielding performance. Further, the general construction methods outlined in ICS/ICD‑705 are not intended to achieve a specific RF shielding performance utilizing industry-standard methods for quantifying RF shielding performance as defined in test specifications such as IEEE 299⁵ and NSA 94-106.

Previously, we noted several reasons why design recommendations in ICS/ICD‑705 will not achieve NSA performance requirements. Some of these reasons include the manufacturer’s data for the shielding foil material typically specified for SCIF applications clearly demonstrating that the material will not achieve NSA 94-106 shielding performance requirements. We also identified that the recommended construction for walls in ICS/ICD‑705 results in substantial perforation of the shielding material, which will degrade performance. Other factors include the typical ICS/ICD‑705 design recommendations that do not require shielding on the ceiling or floor and do not call for use of other elements critical to achieving high levels of RF shielding performance, including filters, waveguides for mechanicals, and RF shielded doors. 

Based on their assessment, the CTTA may provide recommendations or require the shielding of floors and ceilings and request the inclusion of filters, treated penetrations, and RF doors. But this does not mean the design will meet NSA 94‑106 performance without substantial changes to the general design recommendations provided in ICS/ICD‑705. 

To highlight this discrepancy, data is provided from two different SCIF facilities. The first facility, with performance data provided in Figure 1, was designed and constructed in strict accordance with NSA 94-106. Therefore, this facility was designed and constructed using shielding materials that meet all the magnetic field, electric field, plane wave, and microwave performance requirements identified in NSA 94-106, which include 100 dB of attenuation at 10 GHz. This requires a six-sided RF shielded enclosure with properly treated penetrations, electrical filters, and a high-performance shielded door. 

Figure 1: Facility design to meet NSA 94-106 requirements. Attenuation measured utilizing IEEE 299 test procedure.

The second facility design utilized the ICS/ICD‑705 Wall A construction for interior walls and along exterior building perimeters. The facility design provided shielding enhancements beyond those identified in ICS/ICD‑705, including RF doors, electrical filters for power and building management systems, HVAC RF waveguides, and RF waveguides for plumbing, which enhanced performance over the typical recommendations provided in ICS/ICD‑705. Finally, the facility also included windows, which are typically discouraged under ICS/ICD‑705 but are occasionally included in a SCIF design. This facility’s project requirement identified custom RF shielding performance at 90 MHz, 900 MHz, and 6 GHz with attenuation requirements of 10 dB to 30 dB. 

Since the SCIF facility performance requirements identified frequencies that did not coincide with NSA 94-106 test frequencies, only the 100 MHz, 1 GHz, and 10 GHz test frequencies of the facility designed to meet NSA 94-106 were provided to achieve as relevant a comparison as possible. There is clearly a significant difference in the performance, with average differences of 55 dB or more and peak differences of up to 80 dB. The ICS/ICD‑705 Wall A calls for the shielding layer to be sandwiched between two layers of drywall, but the finish layer of drywall had not been installed at the time that these measurements were recorded and the shielding performance would likely decrease further once the drywall is added.

Design and Product Selection Contributors to Limited RF Shielding Performance

RF performance will be significantly limited in cases where the SCIF design only calls for the ICS/ICD‑705 wall construction without shielding on the ceiling and floor, and without RF doors, no treated penetrations, or filtered power. However, it is apparent from the data presented in Figure 2, the case in which many of these factors were eliminated, that there are still additional factors that limit performance. 

Figure 2: Facility design using ICD‑705 Wall A with the addition of floor and ceilings, RF doors, filters, and treated penetrations. Attenuation measured utilizing IEEE 299 test procedure.

In this specific application, the windows are one factor that limited performance. There are a few different types of protection for windows, including RF film, RF glass, and RF shielded windows, which incorporate an RF shielded screen. These technologies are typically limited to between 40 dB and 80 dB at 10 GHz, depending on the performance of a specific product, and vary in performance from 1 kHz to 10 GHz.

Another factor limiting the RF shielding performance is the primary recommended shielding material. An example of the material often used in SCIF designs is shown in Figure 3. The most frequently recommended shielding material does meet the RF shielding attenuation requirements of NSA 94-106, according to the manufacturer’s data. But the manufacturer’s data is based on a small sample under ideal test conditions, tested on an RF shielded enclosure, and performs optimally at greater than 100 dB from 100 MHz to approximately 1.5 GHz. Above 1.5 GHz, the performance rolls off according to the manufacturer’s data. The performance below 100 MHz appears to roll off as well, and the attenuation will certainly decrease substantially for magnetic (H-field) fields as the frequency decreases. 

Figure 3: Example of ICS/ICD‑705 RF shielding barrier installation

To overcome the limited performance in some frequency ranges, some designs will specify thicker copper foil or aluminum sheets. But the specified materials may still not meet NSA 94-106 if identified as a performance requirement. Further, in the next section of this article, we will identify some construction challenges that will degrade RF shielding performance and limit the benefit of specifying a different material

It is also common to see many issues overlooked in designs that are critical to RF performance, resulting in incremental degradation of RF shielding performance. Common issues include not identifying all items that require filtering. Whether it is used for power, communication, data, or building management systems, a component than includes or uses conductive cables or wires needs to be filtered to maximize the RF performance of a shielding system. 

There are multiple examples of a facility filtering all power sources but choosing not to filter all data lines because the data is entering through the floor, which is slab on grade. However, it does not matter the location from where that cable or wire is entering. If it is conductive, it has the ability to carry signals and radiate similar to an antenna. Similarly, critical or protected signals are at risk of coupling to those cables or wires and leaving the secured space. In some cases, this lack of protection may be a concern over costs associated with data filters or communication filters. However, a cost-effective solution may be to use fiber-optics in the secure space that can penetrate the shielding through an inexpensive RF waveguide or series of RF waveguides.

Other common design issues include allowing untreated mechanicals and plumbing not specific to the SCIF to penetrate and pass through the SCIF RF shielding. This simply creates additional points where RF signals can leak into or out of the SCIF. Again, if the purpose is to maximize RF shielding performance, then any penetration into or out of the shielded space must be properly treated. To avoid potential RF performance issues, it is recommended that only items being utilized in the RF shielded space of a SCIF pass through the RF barrier and that any other items supplying other areas of the facility be routed outside the shielded space. Of course, there are exceptions, but those should be evaluated individually based on an assortment of factors including the cost and the impact on RF performance.

Construction Challenges Contributors to Limited RF Shielding Performance

The recommended wall detailed in ICS/ICD‑705 shows the RF shielding material sandwiched between two layers of drywall or drywall and a substrate such as plywood (see Figure 4). The second layer of drywall must be secured to the wall, and this is typically achieved by mechanically fastening the drywall with screws. But this method penetrates the RF shielding, thus creating the potential for RF shielding leakage. 

Figure 4: ICS/ICD‑705 Wall C depicting an RF barrier between plywood substrate and finish drywall

As mentioned in the previous sections, some designs will identify the use of an alternative shielding material. But this method of construction results in potential RF shielding leakage regardless of shielding material specified. Therefore, the installation of alternative shielding materials may not necessarily enhance RF shielding performance and result in additional project costs with no benefit to the RF shielding performance.

Other common construction challenges when building a SCIF include shielding at the ceiling, RF-shielded doors, and treatment of penetrations when specific RF performance requirements have been identified as part of the design requirements. Many SCIF designs may require that the wall foil turns onto and overlaps the ceiling around the perimeter of the SCIF when the ceiling is a metal pan deck. However, RF performance will be limited by the existing penetrations through the metal deck. 

Additionally, projects may identify that a shielding material must be applied to a ceiling. In most cases, the ceiling is also used to support electrical and mechanical systems and components such as plumbing and HVAC. This is often accomplished using threaded rods or angles that are attached through the ceiling. An example is shown in Figure 5.

Figure 5: HVAC, electrical, and plumbing support angles with threaded rod penetrating copper fabric shielding material at the ceiling

Unfortunately, this technique may result in hundreds, if not thousands, of penetrations through the ceiling, creating the potential for RF leakage. RF shielding companies know how to treat these connections to maximize the RF shielding performance, but an HVAC contractor or plumber with no RF shielding experience is not likely to know how to manage the penetrations. Regardless, these additional penetrations of the shielding can have a negative impact on the overall RF shielding performance.

There may also be untreated penetrations through the walls. If the penetrations are made of a conductive material, such as with conduit, plumbing, and HVAC ducts, it may be recommended that the shielding be bonded to the penetration in an effort to maximize the shielding performance. However, this recommendation does not represent a best practice for RF shielding and will likely reduce the overall shielding performance. Further, these penetrations may have construction debris or paint and may limit electrical conductivity if not cleaned properly. Lastly, the penetration may not be conductive, made of either PVC or some other nonconductive material. These penetrations represent additional areas that could significantly reduce the RF shielding performance. An example is shown in Figure 6.

Figure 6: Untreated penetrations passing through shielding material representing a point where shielding performance may be significantly degraded

Addressing Security Requirements for RF Shielded Doors

There is also a significant impact to doors when referencing NSA 94-106 or some other level of higher RF performance criteria for a SCIF application. Currently, there is no RF door available on the market that meets the typical acoustic requirements for a SCIF and the high levels of RF performance required under NSA 94-106. Additionally, specific high-security locks, including X10 locks, are required to meet security requirements. In order to maintain RF attenuation levels of 100 dB, locks typically need to be taken apart and modified to be integrated into an RF door. But this step voids the security rating of the lock. 

Under NSA 94-106, these issues are addressed by either creating a vestibule or an enlarged door jamb to accommodate an acoustic door with the required security locks and a separate RF door to meet the RF performance requirements. Most SCIF designs do not include this type of design for doors, creating a significant and expensive construction issue when SCIF project documents identify NSA 94-106 or some other elevated level RF performance (>60 dB at 10 GHz).

Conclusion

As discussed in Part 1 of this article, referencing both ICD/ICS‑705 and NSA 94-106 as part of a project can create much confusion in terms of project requirements. Part 2 of this article highlights the performance differences between the construction recommendations presented in ICD/ICS‑705 and the requirements identified in NSA 94-106. Further, we highlighted that project-specific performance requirements may be difficult to achieve utilizing the construction recommendations provided in ICD/ICS‑705. Placing specific RF attenuation requirements on a project utilizing ICD/ICS‑705 can put a project at risk if the project’s design is not carefully reviewed to ensure that RF performance requirements are met. 

Finally, it is not uncommon to discover that a project’s design will not meet the RF performance requirements. This puts the project team in the precarious position of having to determine where to compromise between design and project performance requirements while absorbing unexpected and potentially substantial additional costs. 

To mitigate these issues, we recommend that SCIF design teams review the actual requirements with the CTTA before a project specification or request for quotation is finalized. It’s also a good idea to include an RF shielding consultant on the design team to assist in coordinating the RF shielding design and to ensure that the finished structure meets the performance requirements. 

References

  1. ICS/ICD‑705, “Technical Specification for Construction and Management of Sensitive Compartmented Information Facilities.”
  2. NSA 94-106 (not available for public reference).
  3. “SCIF and Radio Frequency Secured Facility Design: An RF Shielding Design Guide to Navigating ICS/ICD 705 and NSA 94-106 Requirements,” In Compliance Magazine, June 2021.  
  4. TEMPEST is a U.S. National Security Agency specification and a NATO certification used in reference to secure facilities.
  5. IEEE 299, “IEEE Standard Method for Measuring the Effectiveness of Electromagnetic Shielding Enclosures.”

One Response

  1. Robert Nichols

    Very interesting and insightful read. I would be very interested in reading Part 1. Could I possibly get a copy.
    Thanks,
    Todd Nichols
    AWS Industrial Security

    Reply

Leave a Reply

Your email address will not be published.

X