Corporate counterintelligence - the importance of TSCM

June 2000 Security Services & Risk Management

Steve Whitehead is the Managing Member of TSCM Services. He is a former lieutenant in the South African Police and held the rank of Deputy Director in the National Intelligence Service (NIS) before his resignation. He served for nearly 20 years in the two departments. His last ten years of service was dedicated to the study and practice of counterintelligence and counterespionage. He also taught offensive and defensive espionage methods at the National Intelligence Training Academy for two years. He is a member of various professional institutions and regularly speaks on the subject of electronic countermeasures.

Lorenzo Lombard is the Technical Services Manager of TSCM Services. He is also a former member of the National Intelligence Service (NIS) and the National Intelligence Agency (NIA). He served for nearly 22 years in the technical field and held the rank of assistant director before his resignation. He was primarily involved in the electronics field, offensive as well as defensive and served for many years locally and overseas as a member of the NIS TSCM team. In addition to his Government training courses, he also attended TSCM training courses at international training institutions. During his career he held postings at South African embassies in Europe as a senior technical officer. He is considered by many worldwide to be one of the top TSCM professionals in South Africa.

Do you need to be concerned about the threat against information? Is it exaggerated? Does electronic invasion or telephone tapping take place? Who can you contact to check? How will you know that they can do the job or have the necessary equipment? What is the legal position?

This article will attempt to answer those questions, provide guidelines, and dispel myths regarding training, equipment and service providers who provide TSCM as a counterintelligence service.

The well-known author Peter Hamilton wrote as far back as 1979 in his book "Espionage, terrorism and subversion in an industrial society' that "Industrial espionage poses a significant threat."He further wrote that "It will not be possible for any company or economy to survive the battle without good industrial intelligence. Organised industrial espionage would be a logical outcome of this need."

Leaders throughout history have attempted to secure knowledge and warning to avoid being forced to make uninformed decisions. No business in today's highly competitive marketplace is safe from the threat of industrial espionage.

Intelligence also implies the protection of one's own information from acquisition by others. Just as counterintelligence is important to a nation's security so is counterintelligence, sometimes called defensive business intelligence, also important in the corporate environment. Business managers need to protect the information essential to the successful operation of their businesses.


Counterintelligence is basically directed at coping with or countering threats. Counterintelligence seeks to counter potentially hostile and concealed acts. It comprises measures undertaken to protect against what an adversary may do.

"If one waits until a threat is manifest through a successful attack, then significant damage can be done before an effective countermeasure can be developed and deployed. Therefore countermeasures must be based on speculation. Effort may be expended in countering attacks that are never attempted. The need to speculate and to budget resources for countermeasures also implies a need to understand what it is that should be protected, and why; such understanding should drive the choice of a protection strategy and countermeasures. This thinking should be captured in security policies generated by management; poor security often reflects both weak policies and inadequate forethought."

Source: James A. Schweitzer: Protecting Business Information

Counterintelligence includes measures aimed at identifying possible "threat targets" among personnel, Technical Surveillance Countermeasures (TSCM), security education and estimating and assessing the vulnerability of sensitive installations and activities to counter the business espionage threat.

Security policies and counterintelligence

So much has been spoken and written about security policies but most policies do not cover counterintelligence functions. Most companies do not have centralised records that reflect the level of counterintelligence activities that are conducted or were conducted in the company. Companies do not have laid down standards for their TSCM requirements or any quality control review procedures regarding the level of services that are performed.

But what is the situation in South Africa?

Do you need to be concerned about the threat against information? Is it exaggerated? Does electronic invasion or telephone tapping take place? Who can you contact to check? How will you know that they can do the job or have the necessary equipment? What is the legal position?

What is TSCM?

TSCM is a counterintelligence activity and refers to a set of measures employed to identify hostile technical devices planted by an adversary for collection purposes.

TSCM is largely directed at the protection of information but will often reveal physical and other security problems, lack of security education and can assist to assess the vulnerability of sensitive facilities.

Typical projects by a professional TSCM company include debugging services to discover and locate illegal eavesdropping devices, support of personal and VIP protection programmes, provision of secure environments for special meetings or activities and consultations on matters relating to information security.

TSCM tradecraft encompasses many seemingly unrelated disciplines including electronics, technology, security, investigations and specialised training.

A company offering TSCM services usually comprises a number of individuals with extensive training, who through the years of experience have acquired valuable knowledge of their profession and possesses a variety of equipment.

"Although they are warriors of the information age, Technical Surveillance Countermeasures practitioners remain a rare hybrid between the technical and security professions. TSCM professionals are being sought with more frequency and concern as emerging technologies continue to expose the soft underbelly of both companies and individuals."

Source: Douglas A. Roth

TSCM can be defined as the systematic electronic, physical and visual examination of a designated area by trained and qualified persons utilising appropriate equipment and techniques in an effort to locate transmitting or surreptitious listening devices, security hazards or other means in which classified, sensitive or proprietary information could be intercepted or lost.

If you have reason to believe that you or your company could be a target or that your privacy is threatened, you need the services of a professional. You need to locate someone or a company who is competent in TSCM and will work with you to assess the threat and perform a series of services to determine whether you or your company could be the subject of illegal eavesdropping.

Legal aspects of eavesdropping

In South Africa the Interception and Monitoring Prohibition Act, No 127 of 1992 prohibits electronic eavesdropping. The South African Law Commission recently reviewed the act and made general and specific recommendations to parliament that the act be amended and augmented by a number of new provisions. (Most of the recommendations have to do with the legal interception of cellular telephone communications.)

The following provisions regarding the act are relevant to this discussion:

"No person shall -

* Intentionally and without the knowledge or permission of the dispatcher intercept a communication which has been or is being intended to be transmitted by telephone or in any other manner over a telecommunications line; or

* Intentionally monitor a conversation by means of a monitoring device so as to gather confidential information concerning any person, body or organisation.

* Any person who contravenes a provision ... Shall be guilty of an offence and liable on conviction ..."

The act also makes provision for legal eavesdropping and interception by government and law enforcement agencies under certain circumstances and the procedures they have to follow to obtain the necessary permission.

The act in general prohibits any form of eavesdropping or interception unless it is done by government and permission will only be granted once a judge has been satisfied that the agency applying for permission has adhered to the stringent prescriptions.

Is the threat of eavesdropping real?

Notwithstanding the provisions of Act 127 of 1992, bugging and electronic surveillance services are openly advertised, mostly by private investigators. A quick glance through a Gauteng business directory revealed a number of private investigators offering eavesdropping or electronic surveillance services.

In the same directory, a PI company also advertises "industrial espionage" services. According to Robert Abrahamson, an American author on business intelligence and analyses, "Industrial espionage denotes the illegal gathering of business data, information and trade secrets. This includes bribery, coercion, breaking and entering, installing of electronic transmitting devices."

A private investigator has been openly advertising "Telephone tapping for R1500," in one of the daily Gauteng newspapers for the past few months. Some South African private investigators also advertise these services on the Internet.

In December 1998 one of the South African weekly magazines catering mostly for women, interviewed a private investigator. In the article his use of illegal surveillance tactics is highlighted as one of the techniques he employs, to catch unfaithful spouses.

The list goes on and we can find examples all around us. The SA Law Commission reviewing Act 127 of 1992 commented as follows, "The project committee considered that a matter, which is alarming in South Africa, is the large number of advertisements, sometimes even in law journals of private investigators, offering to deliver services, which include 'bugging'."

The legalities of equipment ownership

The sale of eavesdropping devices is not prohibited in South Africa, creating a contradiction. It is illegal in terms of Act 127 of 1992 to 'bug' or 'tap' someone, but not illegal to manufacture, sell or possess these devices. Various specialised shops have opened up selling mainly surveillance and monitoring equipment.

In the US, the manufacture, distribution, possession and advertising of wire or oral communication interception devices is prohibited.

No real statistics of reported incidents are available from any Government agency, nor does the South African Government assist or advise the business sector regarding the threat of illegal eavesdropping, good counterintelligence practices, etc.

On the other hand the American Government is taking the threat seriously and regularly issues guidelines and suspicious indicators regarding security countermeasures to their industries and businesses.

Is the threat of illegal eavesdropping creating a security problem in South Africa? We hear and read about it regularly, and TSCM is now a regular requested topic at seminars and conferences dealing with security, crime and business intelligence.

During the past few months a number of private investigators were arrested in Cape Town, Gauteng and KwaZulu-Natal for the illegal 'tapping' of telephones. A Cape Town advertising agency boss appeared during December 1999 in the Wynberg Magistrate's Court for the alleged tapping and bugging of another advertising agency.

Towards the end of 1999 the Democratic Party claimed that an independent consultant has determined that their Cape Town Parliamentary offices were 'bugged'. We had the incident with the bungled spy camera at the German Embassy in Pretoria. Hansie Cronje would probably never again discuss any sensitive information on a telephone if the Indian Government's claims prove to be correct. During March 2000 an East Rand newspaper reported on the discovery of a bugging device in the office of the CEO of one of the metropolitan councils in the area.

The threat is real

In view of the above it would probably be reasonable to say that in South Africa there is definitely a threat to companies and individuals. We have to accept that illegal eavesdropping services are performed more regularly throughout South Africa than many people realise. Discovered devices and evidence of tampering found during surveys are also good indicators that the problem exists. Unfortunately many companies are unaware that industrial espionage or illegal eavesdropping has affected their businesses, as they have no counterintelligence policies in place.


The potential benefits generally far outweigh the potential penalties that can be imposed when caught. (Richard Nixon, following the Watergate scandal, might however disagree on this point.) Information in the wrong hands can destroy a corporation, put people out of work, bankrupt companies and devastate shareholders.

Major decisions are often made orally long before they are committed to writing. Audio surveillance of the locations where sensitive discussions are held and decisions are made can give the unauthorised eavesdropper not only the information he requires, but also the lead-time to make use of the information.

In the next issue of Hi-Tech Security Systems, we will look at 'The need for TSCM', the training of TSCM professionals and what you can expect from TSCM service providers.

For details contact Steve Whitehead of TSCM Services on

tel: (012) 664 3157,

fax: (012) 664 3180,


or visit

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Putting secondary storage to work
September 2019 , IT infrastructure, Security Services & Risk Management
By 2022, more than 80% of enterprise data will be stored in scale-out storage systems in enterprise and cloud data centres, up from 40% in 2018.

ContinuitySA offers Complete Continuity Practitioner in October
September 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is offering its popular five-day Complete Continuity Practitioner Programme on 21-25 October 2019 at its offices in Midrand.

South Africans are urged to be aware when it comes to fraud
September 2019 , Home Security, Security Services & Risk Management
Recent statistics shows that while some forms of fraud are decreasing, there is a sharp increase in other areas.

Edwards Public Address & Voice Alarm System
October 2019 , Security Services & Risk Management, Products
Carrier has added the Public Address & Voice Alarm (PAVA) range to its fire product offerings.

ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

Preparing your data for PoPI
September 2019 , IT infrastructure, Security Services & Risk Management
When it comes to protecting any information, the way data is secured across the value chain needs to be addressed.

A balanced, fair industry
October 2019 , Residential Estate (Industry), Security Services & Risk Management, Associations
PSiRA is focused on supporting the effective promotion and regulation of the private security industry.

SOAR an essential part for security operations
October 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
MJ Strydom, MD of cybersecurity specialist company DRS discusses the challenges around the security incident response lifecycle.

The importance of body-worn cameras in the workplace
October 2019 , CCTV, Surveillance & Remote Monitoring, News, Security Services & Risk Management
South Africans have far more agency over their security than they have realised in the past.

Increase in Business Email Compromise (BEC) attacks
October 2019 , Cyber Security, Security Services & Risk Management
A new Mimecast ESRA report finds millions of spam, tens of thousands of BEC or impersonation attacks, dangerous file types and malware attachments being delivered to users' inboxes.