TSCM in the Private Security Industry

Introducing TSCM

The art of technically and physically searching for illicit bugs, and/or devices, is generally referred to as a Technical Surveillance Counter Measures (TSCM) inspection. This was agreed by a committee of TSCM specialists who provided Skills for Security their public and private sector knowledge in order to establish the first UK National Occupational Standards (NOS) for TSCM. The NOS are submitted and then approved by UK government regulators, and to this day, still establish a good foundation to build UK governance for TSCM in the security industry.

Unfortunately, the TSCM industry still can’t agree on the correct name for TSCM, nevermind industry licensing! The UK National Authority for Counter Eavesdropping (UK NACE) is managed by FCO Services but still refers to ‘Technical Security Countermeasures’. The stalwarts of the industry still affectionately refer to a ‘Technical Sweep’. In theory, it references two aspects of a TSCM inspection. 1. The ‘sweep’ of a frequency range and 2. The ‘sweeping’ motion when using a particular type of equipment. TSCM is also referred to as a ‘Technical Search’ inspection, or ‘Electronic Counter Measures’ (ECM).

Definitions

For the purposes of this article, the following definitions are used by the author:

Eavesdropping. Interception of information transfer, including conversations by bugging, tapping, or other technical and non-technical means without the knowledge of the individuals.
Tapping. Illicitly connecting to conversations and communications media for the purposes of gathering information.
Bugging. The planting of suitable transducers in order to gather information.
Bug. An eavesdropping device.
Device. A piece of hardware made or adapted for a particular purpose, especially for a piece of mechanical or electronic equipment.
Information Security (InfoSec). Managing policy and process to protect and prevent information loss to digital and non-digital information (data) and to secure against unauthorised use of this data.

Eavesdropping

The Bible refers to acts of espionage, but only hints that individuals covertly listened to conversations, evidently without the sophisticated technical equipment that supports a modern-day eavesdropper. Research has not confirmed exactly where or when the word ‘eavesdrop’ was introduced into the English language, but it is believed to have originated in the 17th century.

It won’t surprise the reader that the word eavesdrop derives from two words, eaves and drop. It is believed that eavesdrop originated from when a single storey dwelling had a thatched roof; long before guttering and drainage pipes were designed. The constant dripping of rainwater from the thatched roof produced a noticeable line in the ground called the eavesdrop line. It was then said that if an individual stood inside this line, under the eaves, and stood next to a window opening (shutters), they would, in theory, be able to listen into [eavesdrop] the conversation held within the building, and without the knowledge of the occupants. The phrase ‘the walls have ears’ is recognised to support this theory.

Espionage

The act of espionage is one of the oldest professions in the world. It is alleged that espionage comes in second only behind the ubiquitous, profession of prostitution! Espionage (and possibly prostitution) continues to dominate the thoughts of leaders, executive boards, and VIPs within all businesses and sectors. Often the risks associated with business espionage and eavesdropping can be mitigated by taking simple preventative action. Business espionage quite rightly remains high on all government and commercial organisational agendas, and the need for effective counter-measures seems endless.

Threat

The main InfoSec threat is unequivocally from cyber-related actors; this may include cyber-related eavesdropping which is conceivably an IT Security concern. A conventional TSCM inspection does not cover cyberspace but could detect illicit cyber devices attached to hardware or cabling infrastructure.

Not dissimilar to Personal Protection, a professional TSCM inspection team will consider the threat. The threat of business or corporate espionage is considered to be of particular relevance to sensitive industry conversations where competition is high; in particular, between similar companies providing the same services. This, however, does not suggest that espionage is conducted by these companies, but any sensitive information loss to a rival or the impact caused by any security incident could have serious implications.

Many countries, businesses, and individuals actively seek privileged and proprietary information to advance their own political, economic, technological, and personal aspirations. The need for an action plan to cater to all Information Security (InfoSec) incidents is critical for those who have an interest in protecting some of the most valuable assets, reputation, proprietary information, and personal data.

There is a real and credible eavesdropping threat. London’s premier spy shop sold approximately 1500 covert units (covert video, audio recording, and GSM audio) from their London shop in their last financial year. This figure only includes actual units sold over the counter and does not include online sales, not to mention the number of general enquiries. In theory, if this shop remains open for 6 days a week, this equates to 5 covert sales a day. My assumption, therefore, is these people are purchasing this type of equipment to conduct a form of espionage or eavesdropping into other people’s conversations. Admittedly, a percentage will end up in the domestic world, but I have no doubts that some of this equipment will make its’ way into the corporate world.

With technological advances in recent years, in particular in the GSM industry (mobile phone/SIM card), the most capable commercial or state-sponsored eavesdropper has the capability to operate on a global scale.

Suffice it to say the technology in the eavesdropping industry means that smaller and more sophisticated technical devices are available and are easier to acquire than ever before, in particular, devices using SIM cards. The availability of these eavesdropping devices on the commercial market, and the internet, plus the additional ease of installation to a permanent power source is indicative of a significant eavesdropping threat to businesses and individuals.

The Argument

The threat from business espionage remains relevant but is on the decrease due to:
• Better awareness of the threat.
• In general, improved layers of security and procedures with the overlapping of technology and human in a corporate building.
• Improvements in employee and sub-contractor vetting.

The threat from individuals, private espionage and voyeurism (covert camera installations) is on the increase due to:
• GSM technology.
• The ease of searching for spy products on the www, the ease of purchase and installation.
• Technology advances – products are easier to use, smaller and available to purchase with no due diligence.

The Trigger

A TSCM inspection may be ‘triggered’ or requested for several reasons. Most requests received are following a confirmed or suspected leak of confidential information. Some requests are as part of good business practice and as a precautionary, proactive measure to ensure the integrity and conversational security in the areas of interest.

No matter what the trigger for the TSCM inspection is, the credible threat should be considered and a task planned accordingly.

Circumstances in which to consider an inspection can be:
• Prior to any confidential meeting/function. For example: an AGM.
• Prior to a temporary move into a location. For example: VIP into hotel room.
• Following a confirmed or suspected physical security breach.
• Following a confirmed or suspected leak of confidential information.
• Supporting an investigation to confirm/deny facts.
• Supporting other search/inspection regimes (i.e. physical, explosive/drug dogs).
• Following the introduction of new equipment/furniture/fittings.
• Following a period where third party sub-contractors have completed construction work, cabling work, or renovation.
• Periodically (as required).

UK Governance

Apart from the NOS and UK NACE, the lack of UK government direction, and private security industry governance or licensing, is commonly flaunted by poorly trained, inefficient, and maverick TSCM teams. Anyone can purchase equipment and purport to deliver TSCM in the commercial sector. This is not uncommon in any other sector or security capability that struggles with regulation and standards. The advocates of the Skills for Security NOS committee formed the concept of a TSCM institute (TSCMi), a trade body established to create an ethical culture, draft legislation, best practice, and guidance for TSCM practitioners. However, the TSCMi remains self-governing and to date, has no formal UK government support.

Health & Safety

A minimum two-person team, working in tandem, is generally accepted. I do not concur with the counter-argument from the solo practitioners. Working with, and close to 240v ac electricity, working at height, plus an inspection is normally conducted in unsociable hours when a building is on minimal manning, not to mention the overlapping, complementing techniques of a two-person team, concludes me to endorse my argument, based on health and safety and procedures, that a minimum of two persons is always recommended.

Legalities

A TSCM inspection capability should not deliberately interfere with or prevent the operation of third-party communication equipment; specifically, the transmission of, or the receiving of, licensed communications equipment and frequencies. In particular, from the main threat vector, GSM signals and the omnipresent SIM card.

The legal way to conduct a TSCM inspection is by employing SIM card detectors that, without transmitting any interfering signal, provide visible and/or audible warnings if an active or passive device is nearby. The ability to determine if a GSM device is in the area of interest should be ascertained by the powers of deduction, technology, and also the overlapping TSCM search techniques.

TSCM in the Private Security Industry

By Ben Gunn

Ben is a former member of the British Army spending 29 years out of a 33-year military career in UK Special Forces – 19 years in the Regulars and a further 10 years in the Reserve. He had a unique military career; initially expeditionary and latterly, 4 years seconded to Intelligence and a further 4 years in a Counter-Terrorism liaison role. Ben is a businessman, incorporating a UK Special Forces tenet into his business planning; ‘the unrelenting pursuit of excellence’ and as such, has established under his directorship, a truly global company based in London, offering a multi-service approach to the security of

E: ben.gunn@olchon.co.uk
T: +44 (0)203 1903030

Share276

276 Shares

Leave a Reply Cancel reply

Zelenskiy Denies Ukraine’s Involvement in Alleged Kremlin Drone Attack

Ukrainian President Volodymyr Zelenskiy has refuted Russia’s claims that Ukraine was involved in a drone attack on the Kremlin, which was allegedly aimed at killing Russian President Vladimir Putin. Zelenskiy stated that Ukraine fights and defends its territory, not attacking Putin or Moscow. The Kremlin reported that two drones were used in the attack but were disabled by Russian defenses.

Bodyguard Saves Japanese PM from Pipe Bomb Attack

A bodyguard has been hailed as a hero for his quick-thinking actions during a suspected pipe-bomb attack on Japanese Prime Minister Fumio Kishida. Video footage captured the bodyguard kicking away a metal object as it landed near Kishida
before positioning himself between the Prime Minister and the device, shielding him with a collapsible, handheld ballistics shield.

AlertEnterprise Reveals First-Ever Guardian AI Chatbot Powered by OpenAI ChatGPT

AlertEnterprise has unveiled its first-ever Guardian AI Chatbot powered by OpenAI ChatGPT. The chatbot will make its global debut at the ASIS Europe and ISC West trade events. Built on OpenAI’s GPT-3 platform, the Guardian AI Chatbot aims to provide security operators with instant access to critical physical access and security insights through quick questions and prompts.

Transferable Skillsets from Nightclub Security Professionals

In fact I would venture to say that one should almost seek out the experience before pursuing some of those paths. I say this because within the walls of that club you encounter such a vast amount of people, cultures, and potential threats, and to meet all these challenges, the nightclub security professional must be well equipped and prepared physically and mentally. In order to get the best out of these encounters it’s important to understand the skills required, and the skills that are being developed every time you step behind the velvet rope.

Protective Medical Services

As protectors, the Executive Protection (EP) community is comprised of “Alpha-type” personalities who are well skilled and tend to focus on the “direct action” skillsets of the EP mission, the so-called “hard skills”. But EP is more. It is full-time customer service also. EP agents serve their clients and their family members in a variety of ways, many of which were probably not envisioned while on the shooting range. Driving course or dojo.

Hostile Surveillance Threats

The average citizen has security concerns and can benefit from an understanding of the concepts of surveillance countermeasures that enhance personal protection. However, the application of surveillance countermeasures without a sound perspective regarding the threat-specific surveillance techniques they are intended to defeat can be counterproductive, and potentially dangerous. For this reason, the practitioner of surveillance countermeasures must think like a surveillance operator in order to anticipate how an operator would act based on specific circumstances.

Training for Survival

“The training is necessary because of the world we live in and the kinds of issues our students face,’’ said Wilson, who travels around the entire county to help students. “We deal with emotional, physical and psychological trauma. You’re always wondering if it’s going to be you or your school next.”

Working with a VIP doesn’t make you one

Sometimes, close protection agents have a tendency to define themselves based on the status of their Principal. However, it’s worth remembering that working with a VIP doesn’t make you one!

Stop Procrastinating

Life can have a habit of getting in the way, as we have all seen in the past couple of years but looking inwards at the goals you set out for yourself, is it life that has stopped you from achieving them or is it barriers put up by yourself?

I have always liked to set goals for myself and work towards achieving them. Still, when life comes on top, and with a heavy workload, it is very easy to push things to the right and look to complete these goals later…….the only problem with this is whether the actual task or goal you have set yourself gets completed or gets forgone completely?

I have learned that the more you put things off, the more significant the task pile can become, and you can quite literally make a mountain out of a molehill where in the end, you accomplish nothing.

FOOT STEPS: Episode 8: Monica Duperon Rodriguez

Monica Duperon Rodriguez is a seasoned professional protector who has worn many hats as she …

Continue Reading about FOOT STEPS: Episode 8: Monica Duperon Rodriguez

Phishing Phenomena on the Rise

We've spoken a couple of times now about tactics used to weaponise social media, and you will have …

Continue Reading about Phishing Phenomena on the Rise

Securing Smart Home Devices

Smart home technology is a rapidly growing consumer and business product. Here are some figures that …

Continue Reading about Securing Smart Home Devices

Weaponising Social Media

This article we’re going to be looking more at how conspiracy theories and opportunistic …

Continue Reading about Weaponising Social Media

Stress and Self Care

Let’s face it – everyone gets stressed out from time to time – whether they care to admit it or not. Research by the American Psychological Association indicates that as many as 75-80 percent of Americans self-report their stress to be at moderate to high …

Continue Reading about Stress and Self Care

Hiding from OSINT

In terms of cybersecurity, Open Source Intelligence (OSINT) covers any data or information which can be collected from publicly available sources. It often comes as a surprise just how much is available and the nefarious uses it can be put to. OSINT can be …

Continue Reading about Hiding from OSINT

Emotional intelligence

In today’s lifestyle and business dynamics, solving emotion-related problems is equally crucial in both personal and professional settings. In a professional context, we deal with complex problems and must work as a team to provide the most efficient solutions for our principals or clients.

The Key Elements of Counter Surveillance

Counter Surveillance is defined as the actions that a person (or team) carries out, in order to detect that a person (Principal) is under surveillance and to identify the composition and makeup of a hostile surveillance team.
In this article, Pete Jenkins talks through the key principles of a counter-surveillance operation.

Operating in Mexico – The Uncomfortable Truth

There are many misconceptions about close protection and private security operations in Mexico. As usual, most of the myths originate from Hollywood movies and fictional T.V. dramas. The realities of working as a bodyguard in Mexico are quite different, it's …

Continue Reading about Operating in Mexico – The Uncomfortable Truth

Jailed Abroad! Avoiding Crime and Corruption When Travelling

These days if you travel internationally or work in emerging markets, you are running the risk of being arrested for some reason. Criminals are not the only ones who can end up in handcuffs! It may come as a shock to some people, but many police forces are …

Continue Reading about Jailed Abroad! Avoiding Crime and Corruption When Travelling

Be courteous and professional when answering questions

However, when you think about it, what I’m really talking about is communicating knowledge and that is vital in close protection. Security means that ensuring people understand what you mean quickly and effectively is essential, and one way to help develop …

Continue Reading about Be courteous and professional when answering questions

Training for Tactical Shooting

State Duma deputy, Sergei Yushenkov, was killed in Moscow, apparently in a contract killing. He had just left his chauffeur-driven car and was walking towards his apartment block in the early evening. He was shot in the back four times by an assassin armed …

Continue Reading about Training for Tactical Shooting

A day in the Life – Maritime Security

The word on the high seas is that the first modern-day Somali Pirates were, in fact, the Somali Coastguard. With Chinese, Spanish and Italian fishing fleets invading the waters off Somalia and fishing them almost dry of Tuna it was inevitable that …

Continue Reading about A day in the Life – Maritime Security

Working in the Maritime Security Industry

Working in the Maritime Security (MARSEC) Industry By Kevin ‘Knocker’ Whyte Maritime Security has become the new ‘Must Enter’ sector of the security industry, with long established MARSEC companies and new start-ups alike, picking up manpower intensive …

Continue Reading about Working in the Maritime Security Industry

How to Become More Employable

How to become more employable by specialising in pre hospital care Many close protection operators (CPO’s) are now identifying the value of becoming specialised in other aspects that surround the role. One of these specialist areas is Pre Hospital Care …

Continue Reading about How to Become More Employable

Catastrophic Haemorrhage

CATASTROPHIC HAEMORRHAGE During the Vietnam War, 50% of battlefield deaths were the result of major haemorrhage. Of these, 80% were torso injuries, which, in the pre-hospital environment, are classed as non-compressible injuries. For the immediate …

Continue Reading about Catastrophic Haemorrhage

Introducing TSCM

Definitions

Eavesdropping

Espionage

Threat

The Argument

The Trigger

UK Governance

Health & Safety

Legalities

Buy The Latest Issue

Subscribe to the Newsletter

Latest Podcast Episode

Latest Issue

Issue 68

Introducing TSCM

Definitions

Eavesdropping

Espionage

Threat

The Argument

The Trigger

UK Governance

Health & Safety

Legalities

Buy The Latest Issue

Subscribe to the Newsletter

Reader Interactions

Leave a Reply Cancel reply

Latest Podcast Episode

Latest Issue

Follow us