A TSCM team can work in a variety of areas, and although the majority of requests are in buildings, commercial office space or domestic properties, the current trend of working from home (WFH) has seen a rise in requests for TSCM inspections to be carried out in converted office spaces at the homes of c-suite executives, members of the board, and personnel working on sensitive projects.
It is not uncommon to be requested to carry out a TSCM inspection in vehicles, private jets, luxury maritime vessels, and even converted 40-foot containers used as mobile or temporary office space; clearly, very similar environments to where CPO’s frequent, and provide their own unique protective services.
The ability to accurately quote for a TSCM inspection has many permutations, and each TSCM provider has its own formula for quoting. It would be remiss of me to comment on another company’s best practice, however, the following criteria should be taken into consideration. The size of the areas of interest (size does matter!!!), the importance of the area, the number of seating/workspaces, the amount of electrical/technical equipment in the areas, and of course, the threat or the reason for the TSCM request. Please refer to the previous article in The Circuit (Issue 51), where a list of reasons or triggers for requesting a TSCM inspection was produced.
For buildings, even if a pre-inspection site visit or consultancy is carried out, it is good practice to request a copy of the floor plans. Client security protocols allowing, the floor plans will highlight the areas of interest providing all stakeholders, the client, the TSCM project management and most importantly, and if different to the strategic management of the task, the TSCM team leader with a working platform, and to base the accurate quotation on. Some architects and designers are still providing floor plans in imperial (square footage), but to be current, and metric correct (square meters); for TSCM planning, it matters not.
Other considerations taken into account are the construction type and design of the building, including the type of ceilings (high/low, solid, cavity), floors (permanently fixed, cavity), walls (stud partition, brick/solid, etc.) and if a multi-tenanted building, immediate neighbours to the left, right, above and below.
A formula and guide that can be used are; each room is assessed as a TSCM area, large, medium, or small. For an open-plan office space, internal offices, and meeting rooms, 12 positions/workspaces equate to a medium-sized TSCM area. For smaller areas, the workspaces are merged to make a TSCM area. For larger areas, the space may be broken down into several TSCM areas. The floor plans of 1 Made-Up Place may explain better, pictorially.
Pre-deployment information of the technical equipment contained in and around the areas of interest is desired but not essential and should not change the price quoted, unless a client requires every telephone terminal and individual line tested. The technical inspection of a telephone line back to the Comms/Server Room can be time-consuming, therefore, we would suggest that an amount of telephone lines is agreed on the quotation, prioritising the most critical lines. Without stating all of the equipment in a commercial property, some notable deliberations include:
- Any equipment that transmits data. , VTC, smart speakers/displays, and facsimile machines
- Any equipment that contains a SIM card including IoT (Internet of Things) enabled appliances. There are now vending machines that transmit data using a SIM card
- Current, permanently installed, counter eavesdropping equipment
- The layers of security and installations in the building and areas of interest
It is not uncommon for important meetings to take place in meeting rooms, and then the attendees continue their sensitive, proprietary conversations in break-out areas or a kitchen facility. Finally, sometimes overlooked by the client and TSCM companies is the Comms/Server Room. As a rule, and if a client permits access to enter this critical area, it should have at least a physical search to check for third-party devices.
The areas of interest are to be agreed upon, thus allowing for an accurate quotation and importantly, avoiding mission creep when the TSCM team turns up.
I produce quotes based on a proven, calculation process. On average, one TSCM area with standard office furnishings will take approximately 1 hour to inspect by a 2-man team. Therefore, it is not unreasonable to suggest a TSCM quote could be based on the contents shown in the above Table.
The caveat I place on this calculation process is that some flexibility and lateral thinking is needed, especially when it comes to single areas, for example; a Board Room about to hold an AGM, vehicles, aircraft, and yachts, where other legal, technical, and equipment considerations are thrown into the equation. Before anyone raises the flaws in this ‘guide’, I am limited to space in ‘The Circuit’ magazine and will not keep the readers interested if I methodically attempt to explain every term or condition contained in a quote, or the methodology of a TSCM inspection.
Lateral thinking is required when one TSCM area on its own is asked to be inspected. One would expect a quotation for 1 TSCM area = 1 hour. Setting up the TSCM equipment, frequency searches, and cross-checking of frequency activity can be onerous and add to this, other search techniques, then the calculation of 1 hour would require tweaking. The offer to check the connected rooms, or at least, check the connecting walls of the Board Room, and of course, the Comms/Server Room should be made.
I have recently heard of a two-person TSCM team conducting inspections in 40 meeting rooms in a 10-hour timeframe. Using the calculation process in Table 1, my professional conclusion is that 15 minutes to comprehensively inspect each room is unrealistic. The team in question, could have possibly overlooked, vital eavesdropping and InfoSec vulnerabilities.
Furthermore, I draft this article based on commercial TSCM. In the public sector, TSCM teams are often requested to conduct ‘deep’ TSCM inspections where one room could take an inordinate amount of time compared to a commercial TSCM inspection. Every terminal, socket, furniture and equipment is comprehensively stripped and/or searched, every cable run is systematically scrutinised, and every conceivable cavity is inspected. For the avoidance of doubt, the same threat groups and threat vectors are ubiquitous for the commercial and public sectors, but State-sponsored, nefarious eavesdropping, has a greater level of capability and intent.
As stated in The Circuit (Issue 51), the lack of legislation in the TSCM industry enables TSCM practitioners to turn up with whatever equipment they perceive appropriate. There is no official guide on what constitutes a TSCM team’s equipment, so it would be inconceivable of me to propose an equipment list. Nor would I endanger any independence by suggesting a particular make or company supplier. However, adopting some reverse psychology, we can ascertain some of the common eavesdropping threats and then consider the baseline countermeasure equipment a team could, in theory, deploy with. The suggested list provided is not exhaustive:
By utilising the ubiquitous GSM (mobile phone) network, a small, concealed device with a SIM card installed and a sensitive microphone can eavesdrop on a global capacity
Counter Measure: GSM/SIM card detection, physical search equipment, frequency search equipment
Radio Frequency (RF) threats include the use of small, concealed devices to transmit audio over a short-range
Counter Measure: Frequency search equipment and physical search equipment
Hard-wired microphones may be pre-positioned within an area and could be connected to a recording device or Listening Post
Counter Measure: Microphone detection equipment and physical search equipment
Intercept equipment or recording equipment on telecom lines leaving a building, lines within a building and cable or wiring including audio, data, and electrical cables
Counter Measure: Line analysers and physical search equipment
Telephone instruments are highly susceptible to technical compromise
Counter Measure: Line analysers and physical search equipment
Several stand-off technical attacks are possible including lip-reading, via telescope/binoculars, etc., use of directional, parabolic microphones towards open windows and apertures, and laser-based technology
Counter Measure: Physical search equipment and a good knowledge of how these threats work
The ability to assess the current frequency activity will ascertain what is transmitting in and external of the areas of interest
Counter Measure: A spectrum analyser or frequency search capability
Electronic Component Inspection.
Concealed passive, and active electronics within the furniture, walls, floors, ceilings, and objects
Counter Measure: A non-linear junction detection (NLJD) and physical search equipment
WLAN/Wi-Fi and Bluetooth.
Insecure or suspicious WLAN’s/Wi-Fi in range of the areas of interest and a scan to detect any Bluetooth enabled devices
Counter Measure: Detection of Wi-Fi and Bluetooth devices
Long term or short term covert cameras installed with sensitive microphones
Counter Measure: Lens detection and physical search equipment
Physical Search Equipment.
Supporting search equipment including but not restricted to, thermal imagery, hand tools (screwdrivers, etc.), IR torches, torches, a forensic capability, borescope/endoscope, extendable, handheld mirrors
Evidence Gathering Equipment.
In the event of a device find, the options for the client are to be offered. However, a TSCM team should travel with an evidence-gathering capability
TSCM LITE (Limited Inspection Technical Equipment)
A concern for any TSCM provider is the time-gap between each TSCM inspection; in some cases, this could be a year. To plug this gap, additional measures may include, but are not restricted to:
- A cultural change in the management of information
- Employee InfoSec awareness programs
- Cell phone vulnerability and advice
- Secure communication options
- Training the incumbent security team on physical search techniques
- Installation of permanent, counter eavesdropping detection equipment. For example, SIM card detection
From a TSCM perspective, an interim counter measure capability that enhances the physical search could be employed in-between a full TSCM inspection. The provision of a TSCM LITE (Limited Inspection Technical Equipment) capability; a low-cost compilation of equipment that a non-technical or even a non-security trained person could use:
- User friendly – no TSCM or technical experience required
- Cabin sized walk-on case, fully deployable and transportable
- Thermal Imager (TI)
- RF and GSM detector
- Endoscope camera
- Covert camera lens detectors
- Physical search equipment
- No maintenance or servicing
- A suitable addition to any CPO service
Enquiries about TSCM LITE case provision and training on the equipment can be made with the author of this article, details below.
TSCM in the Workplace
By: Ben Gunn, Olchon & Associates Ltd
Ben is a former member of the British Army spending 29 years out of a 33-year military career in UK Special Forces – 19 years in the Regulars and a further 10 years in the Reserve. He had a unique military career; initially expeditionary and latterly, 4 years seconded to Intelligence and a further 4 years in a Counter Terrorism liaison role.
Ben is a businessman, incorporating a UK Special Forces tenet into his business planning; ‘the unrelenting pursuit of excellence’ and as such, has established under his directorship, a truly global company based in London, offering a multi-service approach to the security of any asset; protecting People, Property (including Intellectual Property), and Possessions.