Protected Distribution Systems: Purpose and Regulatory Foundation
A Protected Distribution System (PDS) is a wireline or fiber-optic telecommunications system equipped with physical and electromagnetic safeguards that allow transmission of unencrypted classified national-security information. The governing standard is CNSSI No. 7003 (2015), issued by the Committee on National Security Systems (CNSS), which superseded the earlier NSTISSI No. 7003 (1996). Any facility design or procurement activity should reference CNSSI No. 7003 as the current authority; NSTISSI No. 7003 is retained only as a historical predecessor for legacy documentation purposes.
PDS is the preferred mechanism when encryption of the transmission medium itself is impractical or undesirable — for example, inside a Sensitive Compartmented Information Facility (SCIF) where the physical perimeter provides a portion of the required protection but the cable runs themselves still represent a potential interception vector. It is critical to note that PDS addresses physical line protection and is categorically distinct from TEMPEST, which concerns electromagnetic emanations security. Both may be required in a classified environment, but they involve separate standards, assessments, and countermeasures.
PDS Categories Under CNSSI No. 7003
CNSSI No. 7003 defines two primary PDS categories, each reflecting a different approach to deterring and detecting unauthorized physical access to the transmission medium:
- Hardened Distribution System: Employs robust physical construction — typically metallic conduit, continuous metallic sheathing, or equivalent mechanical barriers — to make penetration or covert access physically difficult. The emphasis is on resistance to access rather than real-time detection.
- Simple/Alarmed Carrier PDS: Uses a carrier system (often a conduit or sleeve containing the transmission cable) equipped with sensors that detect intrusion attempts. The alarm capability enables continuous or periodic monitoring, shifting the security model from passive hardening to active detection and response.
The selection between these categories depends on the threat model, facility construction, inspection regime, and the sensitivity of the information traversing the system. CNSSI No. 7003 requires Periodic Visual Inspection (PVI) as an ongoing compliance obligation for approved PDS installations.
Alarmed Carrier PDS: The CyberSecure IPS Solution
Heather Technologies partners with CyberSecure IPS, whose Alarmed Carrier PDS platform is purpose-built for CNSSI No. 7003 compliance in SCIF and classified network environments. The system routes classified transmission cables through specialized conduit assemblies containing optical fibers that sense acoustic vibrations characteristic of intrusion attempts — drilling, cutting, or mechanical manipulation of the carrier.
Key Operational Capabilities
- Continuous monitoring: Rather than relying solely on scheduled PVI walk-downs, the platform provides around-the-clock acoustic sensing and centralized alert management, substantially reducing the window in which an undetected physical intrusion could occur.
- Automated PVI support: The system automates elements of the Periodic Visual Inspection and testing workflows required under CNSSI No. 7003, reducing labor burden and improving audit-readiness.
- Centralized management: A single management interface aggregates alarm events across distributed cable runs, enabling security operations staff to correlate events and dispatch physical response efficiently.
- Scalability across facilities: The architecture supports deployment across large campuses, underground runs, and inter-building segments common in government and defense data-center environments.
Power Infrastructure Considerations: Fault-Managed Power in Classified Facilities
High-density classified facilities — including SCIFs supporting AI-driven analytics or hyperscale sensor fusion — increasingly face power distribution challenges that conventional cabling methods address poorly. Fault-Managed Power (FMP), governed by NEC Article 726 (Class 4 Fault-Managed Power Systems) introduced in the 2023 NEC, offers an alternative power architecture worth evaluating for these environments.
How Class 4 Fault-Managed Power Works
Class 4 is a distinct circuit class established alongside the existing Class 1, 2, and 3 circuit categories of NEC Article 725. An FMP source transmits energy in continuously monitored packets. If the system detects a fault condition — including a short circuit, ground fault, cable break, or human contact — power is interrupted within milliseconds, rendering the system touch-safe even at elevated voltages. Equipment must be listed to UL 1400-1; Class 4 cables must be listed to UL 1400-2 (UL Outline of Investigation).
NEC Article 726 permits installation of listed Class 4 cable without conduit in most cases, unlike the wiring method requirements of NEC Chapter 3. This distinction is operationally significant in classified facilities where conduit routing is constrained by existing PDS infrastructure, structural limitations of hardened spaces, or the need to minimize penetrations through SCIF walls and floors.
VoltServer Digital Electricity and DCPacket
Heather Technologies partners with VoltServer, whose Digital Electricity (DE) platform is a commercially deployed implementation of Fault-Managed Power using Packet Energy Transfer (PET) technology. VoltServer's transmitters are capable of delivering power over standard data-type cabling at extended distances and elevated voltages, supporting long cable runs within large secure campuses or between data halls without the copper mass and conduit requirements of conventional high-current distribution. [FLAG: VoltServer per-channel voltage, wattage, and distance specifications — verify against current VoltServer product documentation before inclusion in procurement specifications.]
DCPacket, whose Titan Platform focuses on data-center FMP power distribution, partnered with VoltServer in December 2025. Together, these solutions address the density and reach requirements of modern classified compute environments while maintaining a safety profile compatible with occupied secure spaces.
Integration Guidance for SCIF and Classified Network Deployments
| Design Element | Standard / Authority | Key Consideration |
|---|---|---|
| Physical line protection | CNSSI No. 7003 (2015) | Select Hardened or Alarmed Carrier PDS based on threat model and inspection capability |
| Continuous intrusion detection | CNSSI No. 7003 (2015) | Alarmed Carrier with centralized monitoring reduces PVI labor and detection gaps |
| Emanations security | TEMPEST (separate program) | Addressed independently of PDS; coordinate with cognizant security authority |
| Power distribution (Class 4) | NEC Article 726 (2023 NEC); UL 1400-1; UL 1400-2 | Touch-safe; reduced conduit; verify AHJ acceptance in classified facility context |
When designing power infrastructure within or adjacent to a PDS-protected zone, coordinate with the Authorizing Official (AO) and facility ISSM to confirm that FMP cable routing does not compromise the physical integrity or monitoring continuity of the PDS carrier. Because FMP cable may be installed without conduit under NEC Article 726, care must be taken to ensure any co-located or parallel runs do not create unintended penetrations or obscure the alarmed carrier's sensor integrity.
Procurement and Next Steps
Heather Technologies provides scoping, design consultation, and supply-chain support for both CyberSecure IPS alarmed-carrier deployments and VoltServer/DCPacket fault-managed power infrastructure. Classified facility projects should begin with a site survey coordinating PDS category selection under CNSSI No. 7003, existing conduit topology, power density projections, and AHJ requirements for Class 4 installations under the 2023 NEC. Contact your Heather Technologies account team to initiate a facility assessment.