Your network is air-gapped.
Your power lines are not.
Power Line Exfiltration lets attackers extract data from air-gapped systems through your building's electrical wiring — with no network access, no physical breach, and no log entries. NIST SP 800-53 PE-19 requires you to address it. Bantam suppresses the channel at every outlet, inherently, through the same patented circuit that conditions power.
Your air gap ends at the power outlet
Air-gapping removes every intentional network path from a protected system. It does not remove the power cord. Beginning with research published in IEEE Transactions on Information Forensics and Security in 2019, a class of attack called Power Line Exfiltration (PLE) demonstrated that the building electrical wiring is a viable covert data channel requiring no network connectivity whatsoever.
Malware encodes data in power consumption
Malicious code on the target system deliberately modulates CPU, GPU, or memory bus utilization at frequencies between 100 Hz and 500 kHz. The resulting variations in power draw impose a signal on the Line and Neutral conductors. A receiver anywhere on the same electrical branch — or across the utility connection — can demodulate and recover the encoded data.
Conventional surge protection is completely transparent to PLE
Metal-oxide varistors (MOVs) are parallel devices that clamp voltage spikes exceeding a set threshold, typically 330V or 400V. PLE signals are deliberately kept well below this threshold. MOVs never activate. The signal passes through a conventional surge protector without any attenuation whatsoever, as if the device were not present.
Surge protectors route energy to the most accessible conductor
Standard surge protection diverts excess energy to the ground conductor. The National Electrical Code requires the ground conductor to provide an unbroken, low-impedance path throughout the entire facility with no interruptions. A surge protector that dumps to ground does not contain the signal — it delivers it to the conductor with the widest distribution and the most accessible collection points.
Series inductors on all three conductors simultaneously
Bantam Clean Power products place selectively-tuned inductors in series on Line, Neutral, and Ground simultaneously. An inductor's impedance rises with frequency: at 60 Hz, power passes with minimal loss. At PLE operating frequencies, impedance is orders of magnitude higher, absorbing the signal before it can propagate into the building wiring. Independent testing at NTS Laboratories measured up to 100 dB attenuation on Line and Neutral, and up to 60 dB on Ground.
The research is peer-reviewed. The test data is independent. The compliance mandate is in writing. The only open question is which systems in your environment are in scope.
Assess my organization's exposureThree reasons your existing infrastructure does not stop PLE
Each of the following is a common, deployed protection approach — and each fails against Power Line Exfiltration for a specific technical reason.
Commercial EMI filters are designed to address frequencies in the 150 kHz to 30 MHz range — the CISPR Part 15 / FCC Part 15 regulated band. Power Line Exfiltration operates at frequencies below 1 kHz. This is deliberately below the FCC regulatory floor. A device can be fully CISPR-compliant and still leak at precisely the frequencies an attacker exploits. Your EMI-filtered power strip was never designed to stop this class of signal, and its certification does not claim otherwise.
Bantam's inductors attenuate from 60 Hz upward — covering the entire PLE signal band, the regulated EMI band, and everything between them.
A standard MOV-based surge protector diverts surge energy toward the ground path. From a shock-protection standpoint this is acceptable. From a PLE standpoint it is counterproductive. The ground conductor is the primary PLE collection point. A conventional surge protector that dumps energy to ground is increasing electrical activity on exactly the conductor an attacker would monitor.
Bantam filters the ground conductor with series inductors, the same as Line and Neutral. No energy is diverted to ground. Ground stays electrically quiet — eliminating the conductor an attacker would monitor and protecting the digital reference signal your equipment depends on.
TEMPEST-rated power line filters address the same conducted-emanation threat as Bantam and they work. They are the appropriate solution for SCIF environments, intelligence community facilities, and classified programs. They require classified procurement channels, SCIF-grade installation, and per-outlet costs that are multiples of the Bantam price.
Bantam fills the gap between a commercial surge protector — which provides no PLE mitigation — and a classified TEMPEST filter — which is inaccessible to most organizations. The same physical mechanism — conducted-emanation suppression through series inductors on all three conductors — available through standard commercial channels at prices that fit an enterprise or government IT budget.
Six frameworks directly address power line emanation
Requires organizations to protect information systems from unintended electromagnetic emanations. PE-19(1) specifies protection to approved levels. Applies to all federal agencies, contractors, and state/local governments adopting NIST frameworks.
Requires agencies to implement controls preventing unauthorized access to Criminal Justice Information through electromagnetic means. Every FCIC/NCIC terminal, server, and workstation is in scope.
Directly requires protection of Controlled Unclassified Information from electromagnetic emanations. Defense contractors processing CUI on any system are in scope. Available through commercial channels — no classified procurement required.
Physical Safeguards require protection of ePHI-containing systems from unauthorized access including electromagnetic threats. Combined HIPAA/PE-19 exposure significantly increases audit risk for government-operated health systems.
Requires agencies handling Federal Tax Information to implement NIST 800-53 PE-19 controls. Tax collector offices, revenue departments, and any system receiving FTI are in scope. Violations carry criminal penalties and loss of IRS data access.
Requires water utilities serving 3,300+ customers to assess and address cybersecurity risks including electromagnetic vulnerabilities in SCADA environments. The EPA Baseline Cyber controls reference NIST physical security standards.
The mandate exists. The research is peer-reviewed. The question is your specific exposure.
NTS Laboratories verified · Reports PR043871, PR070961
1,000× signal reduction · eliminates the primary collection path
8,223,468 · 11,775,645 · 12,019,751 · 12,271,477
Air-gapping a network severs every intentional data path between a protected system and the outside world. It does not sever the power cord. And the power cord, as peer-reviewed research published in IEEE Transactions on Information Forensics and Security has demonstrated since 2019, is a data path — one that carries no log entries, triggers no alerts, and is invisible to every endpoint detection product and SIEM in your stack.
The compliance frameworks governing U.S. government and regulated-enterprise environments have caught up to this reality. NIST SP 800-53 Control PE-19 requires protection against unintentional electromagnetic emanations across all vectors, including conducted emanation through building wiring. IRS Publication 1075 incorporates PE-19 by control number. CJIS Security Policy v6.0 §5.9 requires physical safeguards sufficient to protect Criminal Justice Information against threats an agency reasonably faces — and published research places PLE squarely within that population for any agency in a shared-occupancy or perimeter-accessible facility. CMMC Level 2 reaches the same vector through its physical protection and CUI confidentiality practices. HIPAA §164.310 applies a risk-based workstation security standard that creates a defensible obligation for any covered entity operating in a multi-tenant environment.
Bantam Clean Power products address the channel through a patented series-inductor circuit topology that places high-oersted-rated inductors in series on all three building conductors simultaneously — Line, Neutral, and Ground. Because the inductors are in series and respond at inception, the signal is reshaped before it can propagate into the building wiring. There is no threshold to cross, no configuration to maintain, and no software to update. The control is passive, always-on, and verifiable through test reports available under NDA to qualified procurement and audit reviewers.
The tool below maps your specific compliance exposure. Select the system types your organization operates and it will identify which mandates apply by name, assign a risk level to each asset class, and recommend the correct Bantam product and deployment pattern for your environment.
Same patented circuit. Four form factors. Every installation covered.
PLE suppression is not a feature added to these products. It is an inherent property of the inductor-primary circuit that defines every Bantam product.
Citadel RM1440
1U rack conditioner for server rooms, dispatch racks, and EOCs. 8 outlets, real-time LCD, 12A. The primary PE-19 solution for rack-mounted infrastructure.
Vanguard PP18004A
Desktop conditioner for workstations and RMS terminals. 15A, 1800VA, 4 outlets, lifetime warranty. The workstation-level PE-19 solution.
Vanguard PP300 series
3-amp compact conditioner for edge devices, VoIP, IoT, and network gear. PP3002B (2-outlet) or PP3004A (4-outlet). Extends PE-19 to every outlet.
Tempest SA3600A
OEM PCB module for integrators. Up to 15A, 110 or 240V. 90°C thermal. OEM-integrated enterprise PDU. CMMC Level 2 PE-19 for CUI environments.
The PE-19 compliance documentation your auditors are asking for
A structured PDF mapping each applicable framework to Bantam's circuit — formatted for procurement teams, security auditors, and IT leadership. Includes NTS laboratory report references and per-product deployment guidance.
