> ... so going in to collect the bug would be the mode used.
Well, the whole point is that it is supposedly a "secure" facility, so you may have the rare occasion to enter it again, after having exceptionally been able to access it once to install the software (since you cannot install it remotely due to the air gap and Faraday cage, even if you can get access and bypass firewalls and/or data diodes) and deploy the receiver with flash under the floor (no pictures are allowed on the walls of a "secure" facility, and someone may notice a fresh patch of plaster on the wall[1]), in order to gather the data next year, on the 4th of July, not exactly "in a timely fashion".
[1] And no, it is not as if any "secure" facility adjoins an easily accessible area; the walls are normally reinforced concrete, no less than 30-40 cm thick.
First, I've never been in a SCIF as far as I know. That said, one of the history classes at USC was "Espionage and Terrorism" (which was a killer history elective if you were an engineering major), and the professor discussed various tradecraft strategies, one of which is local recording.
Because "bugs" that transmit are susceptible to being sniffed by RF signal detectors, opponents would disguise devices which could record their environment, and figure out ways to 'leave' them in places of interest and recover them later.
Because I've not been in a SCIF, I don't know whether it gets janitorial service or any regular maintenance at all, but if it did, that might be how this would work.
Mostly I was responding to the "it's only 100cm and you can't transmit anyway" assertion that the vulnerability was not exploitable. I expect someone could figure out how to exploit it.
I've been in a SCIF. Imagine walking into a large empty warehouse protected by armed guards, and in the middle of the warehouse is a building the size of a house, raised off the ground. There are two pipes leading into the building, presumably electricity, networking, and water. The entrance is an airlock setup with an outer and inner door, the type of doors you see on submarines in the movies. Inside, there is a mess of devices, screens, and folks who look like they do 14-hour shifts (if there were janitors, I didn't see any evidence that they'd ever been inside). There are machines that you can operate, and other machines that you are not allowed to be within several feet of. You're not allowed to leave with anything they don't allow you to leave with, and anything they do let you leave with is effectively destroyed (HDDs, etc.).
>First, I've never been in a SCIF as far as I know.
Well, several years ago I actually built a couple of them (actually something very similar to them; the term SCIF is US) for the military here in Italy.
Though admittedly not, at least from the construction specs, to be used for this kind of air-gapped computing; they were either a "safe conference room" or a (very large) "storage safe" (to store paper documents and/or weapons).
I have no idea which security measures/protocols were later employed to limit access to them, of course, but there were a number of safety features that would make physical access by any means seemingly impossible.
Of course, if you could impersonate someone else who is authorized, or if you could bribe someone with legitimate access, then any construction/safety measure would be moot, but if you can obtain that kind of access it would be easier to simply get the data from the computer.
I've been in a bunch of SCIFs, but they were all downrange in centcomia and basically were tents or sections of a warehouse with a bored-looking dude with an M4 checking IDs and passes before letting people through a tent flap or plywood door. That is really only permitted under contingency ops rules and required treating the entire base as a perimeter, then a compound within it with higher security, etc. There was enough physical separation from likely threats that it was still mostly OK.
Of course, people still had to be repeatedly counseled for plugging the same USB flash drives from personal movies/internet/etc systems into red (S) and orange (TS) systems. It was sad.
Realistically, security countermeasures adapt to the likely threats. In Iraq and Afghanistan the technical sophistication of the adversary in terms of SIGINT/ELINT was poor, so they rightly decided that giving up security for wider distribution of information among friendly forces was the right call.
>Because I've not been in a SCIF I don't know if it gets janitorial service or any regular maintenance at all but if it did, then that might be how this might work.
Janitorial service, etc. is usually limited to a sign telling whoever works there to take out their own trash and clean up their own spilled coffee. Everything else (like changing a light bulb) is done in accordance with procedures specifically designed to make it damn near impossible for a single person to do anything they shouldn't.