TSCM in the 21st century

April 2017 Security Services & Risk Management, Information Security

When talking about security and risk management, cyber is the new buzzword. The authors Refsdal, Solhaug and Stolen in their book Cyber-Risk Management explain, “Due to cyberspace and its underlying infrastructure, people and organisations have access to more and better services than ever before”. They go on to say that cyberspace has introduced and “continues to introduce, numerous new threats and vulnerabilities.”

Steve Whitehead.
Steve Whitehead.

Many of these new threats and vulnerabilities can both be identified and countered with the appropriate level of technical surveillance countermeasures (TSCM) services. In addition to the cyber communication threats, we have seen a tremendous growth in surveillance-enabling technologies over the last decade. Devices operating on GSM, GPRS, UMTS, LTE, Wi-Fi and Bluetooth are found in every business and residence.

New technologies such as the Internet of Things (IoT) are rolled out on a daily basis without considering the technical surveillance threats that come along with these technologies. (IoT is the incorporation of electronics into everyday items that allows them to be connected to each other). IoT devices are deployed in the banking, financial, medical, agricultural, industrial, oil, gas and motor industries, to name a few.

In the May 2015 edition of this magazine, in the article ‘How eavesdropping-resistant is your organisation’, I wrote that risk managers, security professionals, information protection officers and facility managers need to understand the threat of modern technical espionage.

It is however equally and sometimes more important that those offering technical surveillance countermeasures (TSCM) services in South Africa themselves pay attention to key trends, new technologies and new threats, and adapt their service offerings accordingly to stay relevant. There is no longer space for outdated services, training or equipment when it gets to the safeguarding of sensitive information and data.

A snap survey during January 2017 among local TSCM service providers showed that there is reason for concern about the current levels of TSCM services offered in South Africa. There are only two companies in South Africa that can offer an up-to-date modern-day technical surveillance countermeasures service to corporate South Africa.

The role of TSCM in the cyber world

Charles Patterson, a TSCM professional from the US recently wrote: “where cyber and physical security almost meet is TSCM”. Patterson says, “Both cyber and physical security are necessary, but there is an area in between that neither one extends into. That is where TSCM sweeps are needed”.

J.D. LeaSure, director of the Espionage Research Institute International (ERII) (USA), has been talking for a number of years about this area that Patterson refers to and has named it Cyber TSCM. It extends beyond the traditional practice of TSCM. His presentation, ‘The Dragon in the Machine’ at the CBIA Business Counterintelligence Conference at the Kwa Maritane Bush lodge in September 2012 explained how an organisation’s data and Wi-Fi networks were exploited to steal corporate information, and the need for Cyber TSCM that goes beyond the traditional approach.

Since then, many TSCM service providers around the world have made the paradigm shift and are now offering Cyber TSCM surveys to counter the most modern threats. We are also seeing various strands of Cyber TSCM developing in different parts of the world.

Professional TSCM teams now offer a superior technical countermeasures service which incorporates additional services to identify how sensitive, classified and secret information as well as data could be intercepted, lost or stolen, no matter what the communications medium.

To be able to offer services on such a high level requires total commitment, a deep understanding of counterintelligence principals and a range of sophisticated equipment that covers a wide range of communication technologies. The size of a professional TSCM team has also increased, and a typical cyber TSCM team now consists of a minimum of four to five members.

What to expect from a TSCM service provider

Security and risk managers should expect high standards from their technical surveillance countermeasures (TSCM) service providers.

Proactive and regular TSCM surveys keep a company’s security one step ahead. It will ensure compliance with the King IV corporate governance requirements regarding information security risk management. King IV says technology governance and security have become critical issues. “Technology is now both the source future opportunities and of potential disruption.”

If listed companies do not conduct regular TSCM surveys of their sensitive areas, it could be argued that they do not take prudent and reasonable steps to safeguard their information against possible technical attacks. The same could be true if a company selects an outdated service provider who does not comply with the minimum accepted requirements regarding training, experience and equipment.

There are six easy tests to follow when selecting a Cyber TSCM service provider. The following which are adapted from some of my previous work can be requested during the initial contact with the service provider:

1. Enquire about and request proof of training in the field of technical surveillance counter-measures. Request proof of training at recognised TSCM training organisations as well as certification on the equipment;

2. Enquire about their equipment. Attacks occur on various levels and contrary to many claims, there is no quick fix or any special black box or briefcase containing gadgets that can detect all eavesdropping devices. Look for equipment names such as Oscor Blue/Green spectrum analysers, ANDRE and WAM near field detectors, Kestrel SDR, TALAN Telephone and Line Analysers, Orion and SB Non-Linear Junction Detectors (NLJD), GSM and Wi-Fi detection equipment, thermal imagers and network tools. If you do not see these then they do not have the latest and most modern equipment available in South Africa to service providers.

3. Enquire about the prospective service provider’s survey procedure and checklist and verify that they follow an action plan.

4. Membership of Professional Associations. There are only three associations in the world that cater for and recognise TSCM professionals. They are the Espionage Research Institute International (ERII) (USA), TSCM Institute (TSCMi) (UK) and Business Espionage Countermeasures South Africa (BECSA) (RSA). BECSA has a dedicated portal for trained and qualified local TSCM practitioners. These associations will gladly confirm and verify the status of a prospective TSCM service provider.

5. Written technical report, analysis and recommendations. On completion of the survey a report should be submitted detailing the tests conducted and the findings of the survey. The report should include a record of the signals found and analysed (including GSM, Wi-Fi, Bluetooth and narrowband IoT), telephone measurements obtained (including analogue, digital and VoIP) as well as other electronic and energy signals detected and evaluated. Procedures on the actions that should be taken if an eavesdropping device is found have to be discussed before the commencement of the survey.

6. Certificate of Quality. The service provider should carry calibration certificates or a certificate of quality regarding the equipment that they use during a survey on your premises. This certificate issued by the manufacturer or its representative should state the following:

• That the equipment is of the latest generation software and version;

• It is in proper calibration and operating procedures as defined by the manufacturer’s specifications and factory standards; and

• Has been tested at the manufacturer or its authorised representative’s facility within the past twelve (12) to eighteen (18) months. This is necessary to prevent that your premises are checked with old and outdated equipment.

Conclusion

TSCM is an important function. To counter technical surveillance threats in the cyber world is not an easy task. TSCM has become much more complicated and requires a whole new approach and an array of appropriate equipment, training and lots of new experience. We have reached a point where prospective service providers who did not keep pace with all the changes will simply disappear.

The demand for professional TSCM surveys will continue to grow as the technical threats escalate and the gap between physical and IT security widens.

TSCM is about risk management. Failure to implement an appropriate TSCM programme could lead to a risk of operation, disruption, intellectual property loss, public embarrassment and reduced trust in an organisation’s ability to protect its information.

For more information contact EDS-TSCM, [email protected], www.tscm-za.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...
Risk-IO manages mining security risks
Security Services & Risk Management Mining (Industry)
[Sponsored] A local mining company with three large operations experienced increased security costs. The liability included no standardised risk assessment, poor management of the efforts to mitigate hazards, and unauthorised access with subsequent theft. The reactive approach to security was not only expensive but also wasteful in the sense that the costs were poorly managed, and there were no metrics to show improvement or trends in incidents.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...