Some companies get boardrooms or other sensitive areas periodically “swept” for bugs or other surveillance devices, often using external specialists. The word evokes the physical “sweeping” of walls or objects for radio emissions from old-school “bugs”, typically using a handheld detector.
For the most part, the objective is uncovering audio surveillance systems as a counterpart to cybersecurity for protection against online data exploits.
Modern counter-surveillance technology is evolving to counteract more sophisticated and hard-to-detect bugs, including ones that use short-burst transmissions or hide their signals within or next to legitimate wireless systems. Such efforts are often described as TSCM (Technical Surveillance Countermeasures).
Separately, many companies also use basic portable spectrum analyzers to plan and design Wi-Fi networks or, more recently, private 4G/5G installations. They can also detect sources of interference or rogue access points installed by bad actors. Security capabilities are also baked into some enterprise Wi-Fi systems for continual monitoring. These can also detect specific protocols or other signs that can signify wireless-related threats but generally only cover specific unlicensed bands.
However, these areas are just the starting points for future spectrum monitoring. Many other wireless security and surveillance risks apply inside enterprise premises, especially those operating in the technology sector or other industries with deeply confidential information and valuable R&D, such as biotech or advanced engineering.
There are three angles to consider here:
Occasional TSCM sweeps are becoming insufficient for detecting modern wireless-related issues. Surveillance devices can use frequency-hopping or compress data into short bursts. Some may “hide” their signals in the noise floor or in / adjacent to other legitimate transmissions.
This means there may be a need for more sophisticated and permanent in-building RF sensing systems. These are essentially scaled-down versions of the wide-area monitoring platforms already used by the military, regulatory authorities, and other government-related organizations.
These are sometimes called IPMS (In-Place Monitoring Systems). Typically, these cover specific frequencies used for Wi-Fi or public mobile networks and span a huge range from 100Hz to 10’s of GHz.
IPMS can provide what is essentially a digital twin of the in-building spectrum landscape – and, in particular, help track and analyze any anomalies compared to the normal baseline situation.
As discussed below, this task will get harder over time as more legitimate wireless systems and frequency bands will be used, against which espionage-related signals will need to be identified.
While the main focus will be on monitoring for radio sources in boardrooms, C-level offices, and perhaps protected and RF-screened rooms called Sensitive Compartmented Information Facilities (SCIFs), there may be a need for better RF awareness and security in other areas of the site as well.
While the primary concern for surveillance still relates to voice conversations about sensitive topics conducted in meeting rooms, there may be other espionage risks that RF monitoring could also detect, which may occur in other areas of the site:
There are also wireless-related risks that go beyond surveillance, which could also drive demand for permanent RF sensing:
Historically, counter-surveillance and network security/operations have been very separate functions in enterprises. Yet, over time, these are likely to come closer together. There is a shared need for better real-time awareness of the RF environment as commercial wireless options expand in scope and importance and potentially become vectors for new forms of wireless espionage or sabotage.
Importantly, it will become ever more difficult for TSCM teams to switch off all RF sources during sweeps as they become embedded in critical business systems or the fabric of the building itself. A much greater variety of system types and frequency bands will also be available off the shelf.
For instance, consider the growth of:
All of these represent additional background RF usage, which could enable surveillance signals to hide covertly or be installed as independent systems that might not be picked up when watching for normal frequency bands.
It will be important for TSCM teams to understand the changing commercial wireless landscape, use systems that can reduce the risks of false positives and -negatives, and work collaboratively with network operations and cybersecurity groups to understand complex threats around espionage, sabotage, hacking, or social engineering.
Wireless-related espionage risks are increasing, especially for organizations with sensitive discussions, highly confidential data, or undertaking cutting-edge R&D efforts. At the same time, other risks are bringing together the security domains of TSCM and network/IT security, as RF exploits can cause direct harm to the business and its various technical systems.
Hostile surveillance via wireless means also extends beyond simple microphones and voice interception to other sources of data, such as smart-building and IoT sensor outputs.
It is also likely that new network types - and their fast-evolving spectrum bands - will accelerate the risks, as new legitimate frequency use could cloak additional threats and broaden the supply of commercially available radios.
As a result, it will be necessary to monitor and adjust the RF monitoring baseline for a given site on an ongoing basis, as there will be a much broader set of friendly wireless systems with frequent additions and changes. The radio landscape will become more dynamic, diverse, and much harder to switch off / neutralize during traditional bug-sweeps.
This indicates a requirement for more permanent RF sensing and analytics for enterprises with sensitive data or facing espionage risks across a wide spectrum range. There is also likely to be a growing overlap – or perhaps convergence – between surveillance countermeasures and network / IT security. Although separate systems are likely to remain in place for now, coordination and mutual understanding will become increasingly critical.
Product brochures
Continuous real-time technical surveillance counter measures for sensitive or secure facilities
Dean Bubley, founder of Disruptive Analysis, writes guest posts for CRFS. He is an independent analyst and advisor to the wireless and telecoms industry and has covered the evolution of private cellular networks since 2001.