Scif · Volume 2
A Short History of the Secure Room
2.1 Why history is load-bearing here
A SCIF is not the product of a single act of design. No committee sat down at a clean sheet in 1950 and specified true-floor-to-true-ceiling walls, sound groups, acoustic door seals, RED/BLACK separation, and an accreditation lifecycle. Every one of those requirements is scar tissue. Each is the institutional memory of a specific failure — a device found in a wall, a spike on an oscilloscope, a contractor’s blueprint sold to a foreign service, a building poured full of antennas by the very people it was meant to keep out. Read the modern IC Tech Spec cold and it looks like arbitrary bureaucratic fussiness; read it against the record of the twentieth century and nearly every clause has a corpse behind it.
This volume traces how the doctrine came to exist, roughly in order: the wartime birth of compartmented handling and code words; the accidental discovery that electronic equipment leaks its secrets into the air; the great embassy-bugging episodes that forced physical and technical security to grow up together; the spy scandals that turned “trust the people” into “trust the cleared people and the cleared materials and nothing else”; and finally the paper trail — the Director of Central Intelligence Directives, the 2004 reorganization that produced a Director of National Intelligence, and the unifying standard, ICD 705, that a modern SCIF is built to. The engineering volumes that follow will assume the reader already understands why the rules are shaped the way they are. This is the why.
2.2 Compartments before there were rooms
The oldest idea in the SCIF is not physical at all. It is the idea of the compartment — that access to a secret should be gated not by rank but by demonstrated need, and that even people cleared for the highest general classification should be walled off from a specific secret unless they must have it. That principle was forged in the Second World War, in the handling of signals intelligence, long before anyone built a room to enforce it.
By 1941 the British were reading high-grade German traffic broken at the Government Code and Cypher School at Bletchley Park. The product was so valuable — and so fragile, because a single indiscretion could tell the Germans their Enigma-enciphered traffic was being read and prompt them to change the machine — that it was given a handling designation above the existing “Most Secret” tier. It was Ultra: more than secret, distributed on its own channel to a tiny, named list of officers who were briefed that they could act on it only in ways that plausibly concealed its source. The Americans had run the same logic a step earlier against Japan. Their break into the Japanese diplomatic cipher machine — “Purple” to the codebreakers — yielded a stream of decrypts handled under the code word Magic, walled off from ordinary classified traffic and read by a deliberately minuscule audience.

Two habits of mind were established in that period that the SCIF would later inherit wholesale. The first was the code word as an access boundary, not merely a name: to be “indoctrinated” into Ultra or Magic was to be admitted to a compartment, and knowing the code word at all was itself sensitive. The second was the access list — the roster of who may be told. The most vivid survival of the wartime habit is the “BIGOT list,” the tightly held roster of personnel cleared to know the plan and timing of the Normandy landings; officers admitted to it were, in the black humor of the time, “BIGOTED.” The etymology is disputed — one durable story derives it from “TO GIB” stamped on the papers of officers routed “To Gibraltar” for the North African landings, reversed — and belongs in the semi-legendary drawer, but the practice it names is real and unbroken: a specific operation gets a specific list, and being on the general clearance roll buys you nothing.
Physical spaces followed the compartments rather than the other way around. The archetype is the map room. In January 1942 Franklin Roosevelt had a ground-floor ladies’ cloakroom in the White House converted into a round-the-clock secure communications and plotting center, consciously modeled on the map room Churchill kept in London. It was staffed by rotating Army and Navy officers, its walls covered in the current dispositions of fleets and armies, and — the detail that matters for this history — access was restricted to the President, the room’s own officers, and whomever the President specifically named. The Secret Service was barred. It was, in embryo, the whole SCIF idea: a physically controlled space whose defining feature is not its furniture but the discipline of who may cross the threshold and what may be said inside.

When the war ended the machinery did not stand down. The Central Intelligence Agency was created in 1947 and the signals-intelligence effort that had produced Ultra and Magic was consolidated, eventually, into the National Security Agency in 1952. The wartime compartments hardened into a permanent system of Sensitive Compartmented Information — intelligence about sources and methods, handled under control systems and code words, releasable only to the indoctrinated. Once that category existed as a permanent peacetime fixture, it needed a permanent place to live. The category “SCI” is precisely what puts the “SCI” in “SCIF.” The facility is the room built to hold the compartment.
2.3 The spike on the oscilloscope
The second founding discovery was electronic, and it was an accident. In 1943 a Bell Telephone Laboratories engineer, working with a mixer used in one of the Army’s secure teletype systems — the model 131-B2, part of the one-time-tape SIGTOT family that XORed plaintext with a random key tape — noticed something disquieting. Every time the machine enciphered a character, a spike appeared on an oscilloscope standing at the far end of the laboratory. The machine was leaking. The electromechanical relays that performed the encryption were radiating enough of the plaintext into the room, and onto the wires leaving it, that the ciphered message could be reconstructed from the leakage — after all the mathematical trouble of the one-time tape had been taken to make the ciphertext itself unbreakable.
Bell reported it. The Signal Corps, by the standard account in the NSA’s own later history, was skeptical and asked for proof; Bell obligingly parked a technician in a building across the street and recovered a useful fraction of the plaintext of a test message from the emanations alone. The wartime fix was crude and physical: control a zone around the communications center — a radius said to be on the order of a few tens of metres — so that no adversary could get a receiver close enough. That is the entire concept of a control zone in one sentence, and it is still, seventy years on, one of the load-bearing ideas of emanation security.
The problem was rediscovered, and taken far more seriously, in the early Cold War. In 1951 the CIA revisited the 131-B2 and found it could pull usable plaintext off the signal line a substantial distance away — far enough to make the “few tens of metres” comfort zone look naive. The phenomenon of compromising emanations — that information-bearing equipment radiates its secrets electromagnetically and conducts them down every wire that leaves it — was now a permanent engineering problem, and the effort to characterize and suppress it acquired the cover name it still carries: TEMPEST. The public record of all this is unusually good for once: in 2007 the NSA declassified (with redactions) a monograph titled TEMPEST: A Signal Problem, which tells the 131-B2 story more or less as recounted here. It is the canonical, citable origin.
What must not be stated in a document like this — because it is genuinely classified and inventing it would be both wrong and useless — are the numbers. The specific emanation limits, the zoning distances that define how far an equipment’s compromising signal must be attenuated, the frequency-by-frequency test envelopes: those live in the NSTISSAM/CNSSAM TEMPEST family (the emanation-limit standard NSTISSAM TEMPEST/1-92 and its lineage back through NACSIM 5100), and they are not public. The concept is public: equipment leaks; leakage is measured against limits; installations are zoned so that the leakage that survives at the perimeter is below what an adversary at the nearest possible standoff could exploit; and a facility can be built to attenuate the whole spectrum with shielding. The numbers that make those sentences operational are not. This deep dive stays scrupulously on the public side of that line, and the reader should be suspicious of any hobbyist source that claims otherwise.
The reason TEMPEST matters to architecture, and not just to equipment design, is that emanation security cannot be solved at the box. A room full of leaky equipment leaks as a room. That realization is the seed of the shielded enclosure — the Faraday cage as a building system — and of the discipline of separating RED wiring (carrying plaintext) from BLACK wiring (carrying ciphertext or no classified content), so that the red does not induce its secrets onto the black on the way out of the building. Those become entire volumes of their own later. Here it is enough to note that by the mid-1950s the intelligence community knew, as an engineering certainty, that a secure room had to defend not only against a man with an ear at the wall but against a receiver across the street.
2.4 The Thing
If TEMPEST taught the community that equipment betrays itself, the embassy-bugging episodes taught it that the building is the adversary’s medium — and no episode taught it more elegantly than the one the counter-surveillance people simply called “The Thing.”
On 4 August 1945 a delegation of Soviet schoolchildren presented the American ambassador, W. Averell Harriman, with a handsome carved wooden replica of the Great Seal of the United States, a gesture of wartime friendship between allies. Harriman hung it in the study of Spaso House, the ambassador’s residence in Moscow. It stayed there, admired, for roughly seven years, through Harriman’s tenure and into George Kennan’s, quietly listening.

Inside was a device of extraordinary subtlety, designed by Léon Theremin — the same Soviet inventor whose name is on the electronic musical instrument. It was a passive resonant cavity: a small metal can with a thin conductive membrane at one end acting as a diaphragm, and a quarter-wave antenna. It had no batteries, no valves, no transistors, nothing to wear out or run down, and — crucially — nothing to emit when it was not being interrogated. It was inert metal. When a Soviet operator in a building across the way illuminated it with a radio beam at its resonant frequency, sound in the room flexed the diaphragm, varied the cavity’s resonance, and modulated the beam that was reflected back. The room’s conversations rode home on a carrier the Soviets themselves supplied. Because the bug was passive, it was nearly undetectable by the sweep techniques of the day, which looked for the emissions of powered transmitters; there was nothing to find until it was switched on from outside, and no reliable way to know when that was.


Its discovery, around 1951–52, was itself an accident of emanation leakage — the mirror image of the TEMPEST story. By the durable account, a British radio operator idly tuning across the band heard American voices from the ambassador’s residence coming through on an open channel while the Soviet illuminating transmitter happened to be running, which pointed the sweep team at the residence; a physical search then turned up the device in the carving. The exact details vary between tellings and some belong in the legendary drawer, but the outcome is documented and the device is real: a faithful replica is on public display at the National Cryptologic Museum, where — unlike the original — visitors can open the cabinet and see the cavity inside.
The Thing rewrote the threat model. Before it, technical surveillance countermeasures assumed a bug was a powered transmitter and hunted for its emissions. After it, the community had to assume that a listening device could be entirely passive, could be cast into an innocuous object handed over as a gift, and could sit dormant and undetectable until an adversary chose to wake it. That single lesson propagates directly into modern SCIF doctrine: the deep suspicion of anything brought into the space from outside, the treatment of walls and furnishings as potential carriers rather than neutral background, and the entire premise that a secure area must be built and controlled from the ground up rather than swept clean after the fact.
2.5 The wall full of microphones
If The Thing was elegant, what came next was industrial. In 1964 the United States announced that it had found microphones in the walls of the Moscow embassy — not one clever device but, ultimately, more than forty of them. They were discovered after workers demolished an interior wall and found the first microphone in a wooden tube behind the plaster; the sweep that followed found the building riddled. The devices were old enough that some had visibly rusted, meaning the embassy had been listened to for the entire period the Soviets had leased the building to the United States, more than a decade. Essentially every room had been wired, including bathrooms; the documented exception was a specially constructed “room-within-a-room,” an early screen room, which had been built precisely on the assumption that the rest of the structure could not be trusted.
That “room-within-a-room” is worth pausing on, because it is the practical birth of an idea the SCIF still runs on: if you cannot trust the building, you build a controlled, self-contained secure enclosure inside the untrusted shell, and you treat everything outside it as hostile territory. The screen room — a shielded, isolated, independently constructed box for the conversations that truly matter — becomes standard embassy practice from here forward, and it is the conceptual ancestor of the modern shielded SCIF and of the free-standing secure rooms the government would later ship abroad in pieces.
The bugging of American diplomatic facilities did not stop with wall microphones. Between 1976 and 1984 the Soviets ran one of the most sophisticated technical operations of the Cold War against the embassy’s IBM Selectric typewriters: implants hidden in the metal support bar of the machines that sensed the mechanical motion of the typing element and exfiltrated the keystrokes — a mechanical keylogger, decades before the word existed, defeating the encryption downstream by stealing the text before it was ever enciphered. It is the same lesson as TEMPEST and The Thing in a third costume: attack the plaintext where it is generated, in the room, before any cryptography can protect it. The SCIF’s obsession with what equipment is allowed inside, and with the integrity of that equipment’s supply chain, is a direct descendant.
2.6 The building that was a bug
The episode that did more than any other to produce the modern doctrine of controlled construction was the new Moscow embassy — the chancery on Novinskiy Boulevard, the building sometimes called by its contractor designation. In the détente of the 1970s the two countries agreed to build each other new embassy compounds. The American side, to save money and because the host country insisted on it, accepted an arrangement that in hindsight reads as institutional suicide: much of the structure would be built by Soviet labor from Soviet materials, including precast concrete components fabricated off-site, where no American could watch them being poured.

By the mid-1980s American technical teams concluded the building was hopelessly compromised. The reporting from the period — and it must be read as reporting, because much remains classified and some of the more lurid specifics belong in the semi-legendary drawer — described listening devices and antenna structures cast directly into the concrete beams and columns, so integrated with the structure that the building’s own reinforcing acted as antenna and the implants could not simply be pulled out without demolishing the fabric that held the building up. Construction was halted in 1985. Congress held hearings; the State Department and the intelligence community were sharply criticized for how the arrangement had been allowed and how the discovery had been handled. Estimates of cost and of the number of devices varied wildly and should be treated with caution. What is not in doubt is the resolution and its logic.
After seriously considering tearing the structure down entirely, the United States settled on what became known colloquially as the “Top Hat” solution: demolish the upper floors and rebuild the secure levels from scratch, using cleared American workers and American materials shipped in and controlled end to end, effectively constructing a trusted secure structure on top of an untrusted shell. The building was finally occupied years and hundreds of millions of dollars later. The doctrine that came out of the affair is the one a SCIF is built on to this day: secure areas are constructed by cleared American labor, from materials whose provenance is controlled, under continuous surveillance of the work, with the shell treated as hostile until proven otherwise. The IC Tech Spec’s requirements for construction security surveillance, for cleared or continuously escorted workers, for control of materials, and for inspecting components before they are closed into a wall are not abstract prudence. They are the Moscow embassy, written into a checklist so it does not happen again.
2.7 The human failures that hardened the culture
Hardware was only half the story. The same years produced a run of espionage cases that attacked the other axis — the people — and pushed the culture from “trust cleared personnel” toward “trust cleared personnel, but verify the room, the materials, and the two-person rule.”
The most damaging was the Walker spy ring. John Anthony Walker, a U.S. Navy warrant officer and communications specialist, sold cryptographic keying material and technical details to the Soviet Union for roughly seventeen years until his arrest in 1985, recruiting family members and a friend into the ring. The keys he passed let the Soviets read enormous volumes of encrypted U.S. naval traffic; a Soviet defector later characterized it as one of the most damaging penetrations of the Cold War. The Walker case is a COMSEC catastrophe more than a physical-security one, but its cultural effect on secure facilities was direct: it hammered home that cryptography protects nothing if the keys and the cleared insiders who hold them are compromised, and it reinforced the two-person and strict material-control disciplines that a SCIF’s operating procedures still impose on the handling of keys, media, and classified holdings.
Overlapping with it was the Marine embassy scandal of 1986–87. Sergeant Clayton Lonetree, a Marine security guard in Moscow (and previously Vienna), was seduced and blackmailed by the KGB and became the first Marine convicted of espionage, passing embassy floor plans and identifying intelligence personnel. The initial press furor — lurid claims that Marines had walked KGB officers through the embassy at night — was largely discredited on investigation, and honesty requires saying so; the sensational version belongs in the legendary drawer. But the sober residue was real and consequential: an embassy assumed to be technically penetrated, guards compromised by a classic honeypot, and a security establishment forced to confront that even its cleared American personnel abroad were a vector. Coming on the heels of the new-embassy bugging, the two scandals together produced a moment of institutional resolve about diplomatic and secure-facility security in hostile environments from which much modern practice dates.
The through-line of the human cases and the technical cases is the same, and it is the thesis of the whole discipline: a secure room is only as good as the least-trusted element allowed to touch it — a person, a material, a component, a wire, a typewriter, a gift. Defense in depth is the response, and it is why the SCIF layers physical, acoustic, visual, and emanation protections rather than betting everything on any one of them.
2.8 From directives to a single standard
All of this operational scar tissue eventually had to be written down, and the paper trail is its own instructive lineage — a slow march from fragmented, agency-by-agency rules toward a single unifying standard.
For decades the authority for how to build and accredit a SCIF lived in the Director of Central Intelligence Directives, the DCIDs. The relevant physical-security instruments were DCID 1/21 and, succeeding it, DCID 6/9, “Physical Security Standards for Sensitive Compartmented Information Facilities,” which was in force from 2002 until 2010. DCID 6/9 is the document most working SCIFs of the 1990s and 2000s were built to; a great deal of installed base still traces its lineage to it, and “grandfathered DCID 6/9 space” is a phrase that still appears in accreditation discussions. It was a genuinely detailed construction and security standard — walls, sound attenuation, alarms, access control — but it lived inside the DCI’s authority structure, and that structure was about to be dismantled.
The dismantling came from the September 11 attacks. The 9/11 Commission found the intelligence community fatally stovepiped, and the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) responded by abolishing the old dual-hatted Director of Central Intelligence and creating a Director of National Intelligence to sit atop the whole community. When the DCI role was replaced, the DCID series lost its issuing authority. The DNI’s directives — Intelligence Community Directives, the ICDs — became the new instruments, and the physical-security standard had to be reissued under the new masthead.
That reissue is ICD 705, “Sensitive Compartmented Information Facilities,” signed in 2010, which rescinded DCID 6/9. And here the history makes a genuinely important engineering turn, because ICD 705 is deliberately not a thick construction manual. It is a short capstone directive — a few pages — that sets policy and then points at its implementing documents: IC Standard 705-1 and 705-2, and above all the Technical Specifications for the Construction and Management of Sensitive Compartmented Information Facilities, universally called the IC Tech Spec. The Tech Spec is the thick document — the one with the wall constructions, the sound groups, the door and lock requirements, the acoustic and RF details, the drawings package — and it is maintained and versioned separately from the policy directive above it, so the engineering can be updated without reopening the policy.
The reason this structure mattered is one word: reciprocity. Before ICD 705, agencies built to their own interpretations, and a SCIF accredited by one component was not automatically trusted by another — a cleared contractor might have to reaccredit essentially the same room to work a program for a different agency, at real cost and delay. By putting the whole community under a single set of technical specifications and an explicit reciprocity obligation, ICD 705 made the accreditation portable: accredit a facility once, to the common Tech Spec, and — barring specific documented reasons — other IC elements are obliged to recognize it. That is not bureaucratic tidiness for its own sake; it is the difference between a defense contractor building one SCIF and building five nominally identical ones for five customers. The unification of the standard is arguably the single most consequential development in SCIF policy of the last quarter century, and it is the reason Volume 3 can treat “the standard” as a coherent object rather than a patchwork.

2.9 The parallel track: securing the contractors
There is a second lineage running alongside the intelligence-community one, and a working understanding of the SCIF requires both, because most SCIFs are not in government buildings at all — they are in cleared private industry.
Classified work has always been done by contractors, and the government has always needed a way to extend its security rules onto private premises without owning them. The modern instrument is the National Industrial Security Program, established by Executive Order 12829 in 1993 to consolidate a scatter of agency-specific contractor-security regimes into one. Its rulebook is the National Industrial Security Program Operating Manual, for most of its life known by its Defense Department number, DoD 5220.22-M, the NISPOM — the document that told a cleared defense contractor how to hold a facility clearance, safeguard classified material, vet personnel, and, where the contract demanded it, build and run a secure area on private property. ( From an engineer’s angle, the NISPOM is also famous for a footnote it no longer contains: for years its media-sanitization table was the de facto civilian standard for how many times to overwrite a hard drive — the “DoD wipe” of a thousand disk utilities. That guidance was later superseded, but the folklore outlived it.)
The NISPOM recognizes several Cognizant Security Agencies with co-equal authority — the Defense Department, the Department of Energy, the CIA, and the Nuclear Regulatory Commission — and for the vast bulk of industry it is administered on the Defense Department’s behalf by what is now the Defense Counterintelligence and Security Agency, on behalf of dozens of federal customers. In 2021 the NISPOM completed a long-running shift from a departmental manual to actual federal regulation, codified at 32 CFR Part 117, giving it the force of law rather than the status of a policy document.
The two tracks meet at the secure room. A cleared contractor working collateral classified information builds and operates closed areas under the NISP; a cleared contractor working SCI builds a SCIF to ICD 705 and the IC Tech Spec, typically under the accreditation authority of the sponsoring agency’s Special Security Officer, while still living inside the NISP’s clearance and personnel-security framework. A related sibling, the Special Access Program Facility (SAPF), applies a comparable construction discipline to especially sensitive DoD programs. For the reader’s purposes the important point is structural: the facility standard (how the room is built) and the program that clears the company and its people (who may use it) are two different lineages that a real SCIF satisfies simultaneously. Confusing them is the most common error in the popular literature.
2.10 How the threat model grew up
Step back and the arc of this history is the steady broadening of what “secure” has to mean.
It began as an acoustic and physical problem: keep the eavesdropper’s ear away from the conversation, which is why the oldest SCIF requirements are about walls that reach the true ceiling, doors that seal, and sound that does not carry. The Thing and the Selectric implants added the passive and the supply-chain dimensions: the threat need not be powered, need not be installed after the fact, and can ride in on an object or a component you brought inside yourself. TEMPEST added the emanation dimension: the equipment betrays itself into the air and down every wire, so the room must be able to contain a spectrum, not just a sound. The Moscow embassy added the construction dimension: the building itself can be the weapon, so the fabric must be built and watched by trusted hands from trusted materials. The Walker and Lonetree cases kept the human dimension in the foreground: cleared people fail, so no single control can be trusted absolutely. And the modern era has added the two dimensions the founders never had to face at scale — cyber, because the information now lives on networks that must be isolated and the RED/BLACK problem has migrated onto Ethernet and fiber; and supply chain at industrial depth, because a component with a hostile implant can be manufactured continents away and shipped into the wall or the rack.
The modern SCIF is the accumulated answer to all of it at once: a physically hardened, acoustically isolated, visually controlled, emanation-attenuated, access-gated, alarm-monitored, cleared-personnel-operated volume, built by controlled labor to a single community standard, accredited once and recognized across agencies. Every layer in that sentence is a lesson from the record traced above. The volumes that follow take the layers apart one at a time — starting, in Volume 3, with the standard those lessons finally hardened into: ICD 705, the IC Tech Spec, and the family of documents an accredited facility is measured against.
Sources
- NSA, TEMPEST: A Signal Problem (declassified 2007) — canonical account of the 131-B2 mixer discovery of compromising emanations. Available via the NSA FOIA/declassification reading room and cryptome.org.
- “Tempest (codename),” Wikipedia — TEMPEST/emanation-security history and the NSTISSAM/NACSIM standards lineage.
- “The Thing (listening device),” Wikipedia; Crypto Museum, “The Great Seal Bug” (cryptomuseum.com) — the Theremin passive resonant-cavity bug, its 1945 presentation to Ambassador Harriman and ~1952 discovery.
- National Cryptologic Museum (NSA) — public display and description of the Great Seal bug replica.
- National Museum of American Diplomacy (U.S. Department of State), “Bugged Brick from U.S. Embassy Moscow” — the 1964 discovery of 40+ concealed microphones.
- “Cleaning the Bug House,” Air & Space Forces Magazine (2012); “Unbeatable Bugs: The Moscow Embassy Fiasco,” The Washington Post (1990); UPI archive (1987) — the new-Moscow-embassy bugging, the precast-concrete implants, congressional hearings, and the “Top Hat”/secure-floors resolution.
- “Clayton J. Lonetree,” Wikipedia; Association for Diplomatic Studies & Training oral-history account — the 1986–87 Marine security-guard scandal (with caveats about the discredited sensational reporting).
- “John Anthony Walker,” public record of the Walker spy ring — COMSEC damage and its cultural effect.
- “Ultra (cryptography),” “Magic (cryptography),” and “BIGOT list,” Wikipedia — wartime origins of compartmented handling, code words, and access lists.
- FDR Presidential Library & Museum, “FDR’s White House Map Room”; “Map Room (White House),” Wikipedia — the wartime secure map/communications room.
- Intelligence Community Directive (ICD) 705, “Sensitive Compartmented Information Facilities” (2010), and the associated IC Standards 705-1/705-2 and Technical Specifications — intelligence.gov and DoD/Navy public postings.
- DCID 6/9, “Physical Security Standards for Sensitive Compartmented Information Facilities” (2002–2010) — Federation of American Scientists Intelligence Resource Program (irp.fas.org).
- Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) — creation of the Director of National Intelligence and the transition from DCIDs to ICDs.
- “National Industrial Security Program,” Wikipedia; DoD 5220.22-M (NISPOM); 32 CFR Part 117 (2021 codification) — the industrial-security lineage by which cleared contractors operate secure areas.
Comments (0)