10 minute read
TSCM In the Workplace
TSCM in the workplace By: Ben Gunn, Olchon & Associates Ltd
It is not uncommon to be requested to carry out a TSCM inspection in vehicles, private jets, luxury maritime vessels, and even converted 40- foot containers used as mobile or temporary office space; clearly, very similar environments to where CPO’s frequent, and provide their own unique protective services. of the area, the number of seating/workspaces, the amount of electrical/ technical equipment in the areas, and of course, the threat or the reason for the TSCM request. Please refer to the previous article in The Circuit (Issue 51), where a list of reasons or triggers for requesting a TSCM inspection was produced. A TSCM team can work in a variety of areas, and although the majority of requests are in buildings, commercial office space or domestic properties, the current trend of working from home (WFH) has seen a rise in requests for TSCM inspections to be carried out in converted office spaces at the homes of c-suite executives, members of the board, and personnel working on sensitive projects.
The Quotation
The ability to accurately quote for a TSCM inspection has many permutations, and each TSCM provider has its own formula for quoting. It would be remiss of me to comment on another company’s best practice, however, the following criteria should be taken into consideration. The size of the areas of interest (size does matter!!!), the importance For buildings, even if a pre-inspection site visit or consultancy is carried out, it is good practice to request a copy of the floor plans. Client security protocols allowing, the floor plans will highlight the areas of interest providing all stakeholders, the client, the TSCM project management and most importantly, and if different to the strategic management of the task, the TSCM
team leader with a working platform, and to base the accurate quotation on. Some architects and designers are still providing floor plans in imperial (square footage), but to be current, and metric correct (square meters); for TSCM planning, it matters not. Other considerations taken into account are the construction type and design of the building, including the type of ceilings (high/low, solid, cavity), floors (permanently fixed, cavity), walls (stud partition, brick/solid, etc.) and if a multi-tenanted building, immediate neighbours to the left, right, above and below. A formula and guide that can be used are; each room is assessed as a TSCM area, large, medium, or small. For an openplan office space, internal offices, and meeting rooms, 12 positions/workspaces equate to a medium-sized TSCM area. For smaller areas, the workspaces are merged to make a TSCM area. For larger areas, the space may be broken down into several TSCM areas. The floor plans of 1 Made-Up Place may explain better, pictorially. contained in and around the areas of interest is desired but not essential and should not change the price quoted, unless a client requires every telephone terminal and individual line tested. The technical inspection of a telephone line back to the Comms/Server Room can be time-consuming, therefore, we would suggest that an amount of telephone lines is agreed on the quotation, prioritising the most critical lines. Without stating all of the equipment in a commercial property, some notable deliberations include: • Any equipment that transmits data. Telephony, VTC, smart speakers/displays, and facsimile machines • Any equipment that contains a SIM card including IoT (Internet of Things) enabled appliances. There are now vending machines that transmit data using a SIM card • Current, permanently installed, counter eavesdropping equipment • The layers of security and installations in the building and areas of interest
1
2 3 4 5
A B
a 2-person team will inspect 8-10 TSCM areas in a 10-hr shift* a 3-person team 10-15 TSCM areas in a 10-hr shift* a 4-person team 15-20 TSCM areas in a 10-hr shift* a 5-person team 15-20 TSCM areas in a 10-hr shift* *supported with the appropriate equipment
place in meeting rooms, and then the attendees continue their sensitive, proprietary conversations in break-out areas or a kitchen facility. Finally, sometimes overlooked by the client and TSCM companies is the Comms/ Server Room. As a rule, and if a client permits access to enter this critical area, it should have at least a physical search to check for third-party devices. The areas of interest are to be agreed, thus allowing for an accurate quotation and importantly, avoiding mission creep when the TSCM team turns up. I produce quotes based on a proven, calculation process. On average, one TSCM area with standard office furnishings will take approximately 1 hour to inspect by a 2-man team. Therefore, it is not unreasonable to suggest a TSCM quote could be based on the contents shown in the above Table. The caveat I place on this calculation process is that some flexibility and lateral thinking is needed, especially when it comes to single areas, for example; a Board Room about to hold an AGM, vehicles, aircraft, and yachts, where other legal, technical, and equipment considerations are thrown into the equation. Before anyone raises the flaws in this ‘guide’, I am limited to space in ‘The Circuit’ magazine and will not keep the readers interested if I methodically attempt to explain every term or condition contained in a quote, or the methodology of a TSCM inspection. The lateral thinking is required when one TSCM
area on its own is asked to be inspected. One would expect a quotation for 1 TSCM area = 1 hour. Setting up the TSCM equipment, frequency searches, and crosschecking of frequency activity can be onerous and add to this, other search techniques, then the calculation of 1 hour would require tweaking. The offer to check the connected rooms, or at least, check the connecting walls of the Board Room, and of course, the Comms/Server Room should be made.
I have recently heard of a two-person TSCM team conducting inspections in 40 meeting rooms in a 10-hour timeframe. Using the calculation process in Table 1, my professional conclusion is that 15 minutes to comprehensively inspect each room is unrealistic. The team in question, could have possibly overlooked, vital eavesdropping and InfoSec vulnerabilities.
Furthermore, I draft this article based on commercial TSCM. In the public sector, TSCM teams are often requested to conduct ‘deep’ TSCM inspections where one room could take an inordinate amount of time compared to a commercial TSCM inspection. Every terminal, socket, furniture and equipment is comprehensively stripped and/or searched, every cable run is systematically scrutinised, and every conceivable cavity is inspected. For the avoidance of doubt, the same threat groups and threat vectors are ubiquitous for the commercial and public sectors, but Statesponsored, nefarious eavesdropping, has a greater level of capability and intent.
The Equipment
As stated in The Circuit (Issue 51), the lack of legislation in the TSCM industry enables TSCM practitioners to turn up with whatever equipment they perceive appropriate. There is no official guide on what constitutes a TSCM team's equipment, so it would be inconceivable of me to propose an equipment list. Nor would I endanger any independence by suggesting a particular make or company supplier. However, adopting some reverse psychology, we can ascertain some of the common eavesdropping threats and then consider the baseline countermeasure equipment a team could, in theory, deploy with. The suggested
1 Made-Up Place, Fiction, London, MU1 8FN Ground Floor
Notes:
Area of Interest:
TSCM area #
x
Areas of Interest = 10 TSCM areas = 8
Comms Room Kitchen
1
Quiet Room
Quiet Room
8 2
Meeting Room
3
Board Room
Meeting Room
7
Meeting Room
6 4 5
Conference Centre
Classification - Confidential
list provided is not exhaustive:
GSM/SIM Card.
By utilising the ubiquitous GSM (mobile phone) network, a small, concealed device with a SIM card installed and a sensitive microphone can eavesdrop on a global capacity Counter Measure: GSM/ SIM card detection, physical search equipment, frequency search equipment
Radio Frequency.
Radio Frequency (RF) threats include the use of small, concealed devices to transmit audio over a shortrange
Counter Measure:
Frequency search equipment and physical search equipment
Hard-Wired Microphones.
Hard-wired microphones may be pre-positioned within an area and could be connected to a recording device or Listening Post
Counter Measure:
Microphone detection equipment and physical search equipment
Line Taps.
Intercept equipment or recording equipment on telecom lines leaving a building, lines within a building and cable or wiring including audio, data, and electrical cables Counter Measure: Line analysers and physical search equipment
Telephone Compromise.
Telephone instruments are highly susceptible to technical compromise Counter Measure: Line analysers and physical search equipment
Stand-Off Attacks.
Several stand-off technical attacks are possible including lipreading, via telescope/binoculars, etc., use of directional, parabolic microphones towards open windows and apertures, and laser-based technology Counter Measure: Physical search equipment and a good knowledge of how these threats work
Frequency Assessment.
The ability to assess the current frequency activity will ascertain what is transmitting in and external of the areas of interest Counter Measure: A spectrum analyser or frequency search capability
Electronic Component Inspection.
Concealed passive, and active electronics within the furniture, walls, floors, ceilings, and objects Counter Measure: A non-linear junction detection (NLJD) and physical search equipment
WLAN/Wi-Fi and Bluetooth.
Insecure or suspicious WLAN’s/ Wi-Fi in range of the areas of interest and a scan to detect any Bluetooth enabled devices Counter Measure: Detection of Wi-Fi and Bluetooth devices
Covert Cameras.
Long term or short term covert cameras installed with sensitive microphones Counter Measure: Lens detection and physical search equipment
Physical Search Equipment.
Supporting search equipment including but not restricted to, thermal imagery, hand tools (screwdrivers, etc.), IR torches, torches, a forensic capability, borescope/endoscope, extendable, handheld mirrors
Evidence Gathering Equipment.
In the event of a device find, the options for the client are to be offered. However, a TSCM team should travel with an evidencegathering capability
TSCM LITE (Limited Inspection Technical Equipment)
A concern for any TSCM provider is the time-gap between each TSCM inspection; in some cases, this could be a year. To plug this gap, additional measures may include, but are not restricted to: • A cultural change in the management of information • Employee InfoSec awareness programs • Cell phone vulnerability and advice • Secure communication options • Training the incumbent security team on physical search techniques • Installation of permanent, counter eavesdropping
detection equipment. For example, SIM card detection
From a TSCM perspective, an interim counter measure capability that enhances the physical search could be employed in-between a full TSCM inspection. The provision of a TSCM LITE (Limited Inspection Technical Equipment) capability; a low-cost compilation of equipment that a nontechnical or even a nonsecurity trained person could use: • User friendly – no TSCM or technical experience required • Cabin sized walk-on case, fully deployable and transportable • Thermal Imager (TI) • RF and GSM detector • Endoscope camera • Covert camera lens detectors • Physical search equipment • No maintenance or servicing • A suitable addition to any CPO service
Enquiries about TSCM LITE case provision and training on the equipment can be made with the author of this article, details below.
Ben is a former member of the British Army spending 29 years out of a 33-year military career in UK Special Forces – 19 years in the Regulars and a further 10 years in the Reserve. He had a unique military career; initially expeditionary and latterly, 4 years seconded to Intelligence and a further 4 years in a Counter Terrorism liaison role. Ben is a businessman, incorporating a UK Special Forces tenet into his business planning; ‘the unrelenting pursuit of excellence’ and as such, has established under his directorship, a truly global company based in London, offering a multi-service approach to the security of any asset; protecting People, Property (including Intellectual Property), and Possessions. E: ben.gunn@olchon.co.uk T: +44 (0)203 1903030 W: www.olchon.co.uk
