TSCM Surveys: Procurement Tips
TSCM Surveys: Procurement Tips (revised and reissued)
Sarah Louise Hopkins Saul – MD Verrimus Limited
This article aims to assist people who are tasked with procuring the services of a Technical Surveillance Counter Measures (TSCM) service provider. We have highlighted previously the difficulties faced by private clients whom require the services of a TSCM operator. See the publication of a Mystery Shopping survey that we commissioned Wandwavers and Wizardry, which can be found on my LinkedIn page.
TSCM Surveys or inspections, bug sweeps, electronic counter-surveillance, TSCM surveys, sweeps, technical threat detection or whatever else people wish to call them all involve a physical and electronic survey of a target area (be that a room, an office, a residence, a vehicle, a boat or aircraft etc.).
Verrimus TSCM Procurement Course
This article follows the general outline of our Verrimus TSCM Procurement 2 day course. We deliver this to corporate clients, whom wish to have a baseline understanding of the service they are attempting to procure. Often clients wish to have a procurement course delivered prior to them writing their RFQ/RFI/Tender documentation. This ensures that they are asking service providers the questions, which will allow them to then make a detailed and level comparison between potential suppliers. They then can finally select a supplier that meets their organisational risk appetite.
Cyber Surveillance Device – TSCM Bug Sweep
What is TSCM?
Firstly, briefly, what is TSCM? I’m still amazed by the number of corporate clients who feel that they have an understanding of TSCM , but when asked it transpires that this understanding is largely derived from Hollywood movies and TV shows! Okay, so you probably are aware that the full term is Technical Surveillance Counter Measures. (Beware of companies whom refer to Technical Security Counter Measures…if they can’t get the terminology correct, how likely is it that they can competently carry out the necessary service!)
Technical Surveillance refers to any ‘technical’ attempt to obtain, view or access some aspect of personal or organisational information.
Understanding how the ‘technical surveillance’ threat fits into your organisation’s security strategy is essential. Organisations need to view the defence of critical information holistically and not in the traditional silos of physical security or cyber security. Technical surveillance methods often fit into the gap between the two traditional domains and so can get overlooked. Your Firewalls and cyber security will not detect, identify and locate a passive network tap for example. A technical surveillance attack may involve the attacker breaching physical security systems often using social engineering methods. Basically, a technical surveillance ‘install’ will use whatever methods are convenient. Looking only at security in silos or distinct security areas will inevitably lead to gaps that can be exploited.
Verrimus offer a TSCM Awareness course to organisations. These short courses are for organisations who would like to know what TSCM threats and attacks are and generally raise their level of understanding regarding what is possible and what is probable in relation to their specific industry sector. Informally we at Verrimus refer to this awareness course as the ‘duck hunting 101’ as in, you can’t attempt to go duck hunting unless you know what a duck looks like! Visit www.tscm-training.com for more information about Verrimus TSCM Training.
Audio Attack – Bug Sweep
TSCM Operators Don’t Have Superpowers!
Once you have an understanding generally of what Technical Surveillance (TS) threats are, you then have to have some idea of how TS threats are detected, identified and located by TSCM operators. I have had senior executives tell me that there is no need for a technical scan of a target area “just do a physical search”….My operators are extremely proficient, but as yet none of them have developed the ability to see heat signatures, feel Bluetooth signals, hear GSM communications or X-ray a wall! Those superpowers would be extremely useful!
Measurement, Analysis, Interpretation, Recommendation
Any TSCM Team will require equipment to assess each threat domain, as well as physical non-destructive examination (NDE) skills.
The basis of all TSCM surveys is to;
- examine and measure each threat domain,
- interpret the results
- make decisions and recommendations based on those results.
Some TSCM service providers will list equipment, or show you gadgets to convince organisations that they know what they are talking about. Well they must do, since they have loads of ‘scanner type’ equipment! But how does an organisation, trying to procure a TSCM service provider, assess whether the equipment in use is relevant, used correctly, redundant or obsolete? The second phase of the Verrimus TSCM Procurement Course takes attendees through the TSCM threat domains and discusses equipment which is (and some that isn’t) effective in detecting, identifying and pinpoint locating a technical surveillance threat.
GSM Network Attack – Bug Sweep
TSCM Procurement Starting Questions
There are some starting point questions that an organisation can ask a TSCM service provider, listed below. The organisation also has to understand what answers they are likely to receive and how to ‘read between the lines’ to understand the answers that are relevant and those which are irrelevant;
- What experience does the company have in regards to TSCM? (Is it their main service, or one of many?)
- Does the company have their own TSCM operators or are they going to sub-contract the service out? If sub-contracting, then how are the operators insured whilst on your premises? If sub-contracting are those operators working as a main job in another industry?
- What equipment does the company use? Are all threat domains covered by this combination of equipment?
- What is included in their TSCM survey?
- What is their find procedure and can your organisation have an input to this?
- How will your internal investigation strategies cope with a TSCM confirmed find which will require investigation?
- Do they offer TSCM training and education? Does the training offered meet your organisational training needs analysis?
Tracker and GSM Detection – TSCM Bug Sweep
Regular TSCM Surveys Act as a Deterrent
Procuring a TSCM service provider to conduct regular maintenance TSCM surveys of key areas for a set period of time, can reduce the likelihood of a technical surveillance attack being mounted. Knowing that regular (irregularly spaced, obviously) TSCM surveys are conducted, any would-be attacker will understand that their attempts will be detected. Making decisions as to how frequent TSCM surveys should be conducted is dependent on your organisations risk appetite and particular industry circumstances. There may be occasions where your organisation may wish to increase the frequency of TSCM surveys (such as if involved in litigation or corporate transfer negotiations). A TSCM service provider should be able to adapt to changes in schedules to meet your requirements.
Ultimately, if you are in the process of writing the RFI/RFQ or tender document to procure TSCM services for your organisation, spend a little time learning the basics about TSCM. Then your tender document will elicit the necessary information for you to make informed comparisons between organisations and assess the best fit for your organisation.
For further information contact info@verrimus.com