# TSCM – Technical Surveillance Counter Measures

## The threats are real

The quest for illicit intelligence is a never-ending threat; from criminals trying to obtain information for financial gain, to sophisticated state-sponsored adversaries looking for political and military gains. While we do not always know what kind of threats are around us, a robust security policy encompassing physical security, cyber security and protection from electronic surveillance is needed to ensure secrets remain secret. The security of your building, your Sensitive Compartmented Information Facility (SCIF), your private conversations, your plans and secrets can all be compromised by small, inexpensive surveillance devices (GSM bugging devices are available today from well-known online retailers for less than $50).

## Devices can be difficult to locate

Modern surveillance technologies are highly discreet, highly capable and very difficult to locate. Even the smallest device can pack a considerable amount of technology. These devices can be integrated into USB cables, light bulbs or any number of other common objects. When not in use, such a device can lie dormant. If connected to a mobile network, it may only need to “shake hands” momentarily once every 8 hours (network defined); at other times it remains RF invisible.

Without good OPSEC (Operational Security), undetected RF surveillance and data transmissions can allow an adversary to:

- Conduct ISR operations against the organization
- Collect and disclose classified information
- Hijack critical C2 signals that can cause loss of finances, assets, or even life
- Obtain money and financial data
- Compromise law enforcement and intelligence agency operations

## Beyond bug sweeping

The traditional approach to detecting electronic surveillance devices (or bugs) is to use a hand-held bug sweeping tool. This tool is moved through a room to scan for the presence of a bug. However, bugs are often able to evade these sweeps. Devices that only transmit in short, infrequent bursts or frequency hop, or devices that are “hidden” close to a high-power signal, are just a few examples of how eavesdropping devices can avoid detection by sweep teams. And of course, a device can be switched off during a sweep or placed after a sweep is conducted.

To provide complete assurance against RF surveillance, there is a need for continuous real-time TSCM in the form of an In-Place Monitoring System. This is where the RFeye Guard system comes in.

## In-place monitoring system

The RFeye Guard continuous TSCM monitoring system is a cost-effective alternative to bug sweeping strategies, with guaranteed detection 24 hours a day, 365 days a year. RFeye Guard continuously monitors the RF environment to instantly detect suspect signals in real time. Even if a device transmits at 2am for less than a second, RFeye Guard will be able to detect it.

Fast sweep speeds and exceptionally low noise figures allow our RFeye sensors to detect even the lowest-power and shortest-duration signals. These intelligent sensors, combined with the Guard software suite, operate autonomously, and when a signal is detected, the RFeye Guard system can provide a real-time alert and location to a security guard.

## Threats

### Video surveillance

### Data exfiltration

### Audio surveillance

## Applications

## Secure facilities & SCIFs

When matters of state and national security are being discussed, secrets need to remain secret. Often, these discussions will take place in a Sensitive Compartmented Information Facility (SCIF). A SCIF is an enclosed area (could be a room or an entire building) that is designed to protect occupants from surveillance. They are acoustically and electronically shielded and often guarded. Electronic devices such as phones or laptops are not permitted in these areas and have to be left outside.

### Why In-Place Monitoring?

If a phone or surveillance device was taken into a SCIF, by accident or maliciously, a previous TSCM sweep wouldn’t be effective. Security breaches need to be picked up the instant they happen, not hours or days later. An in-place monitoring system like RFeye Guard would be able to detect any device transmitting inside the SCIF the instant it happened, regardless of whether the device was brought in before or during the meeting. With RFeye Guard the security team can be immediately alerted, and the exact room where the security breach occurred pinpointed. The meeting could be stopped before conversations are potentially compromised.

## Embassies and diplomatic buildings

In a world of constantly shifting social and political landscapes, it is important that nations have safe spaces to discuss ongoing events and policy both at home and outside home borders. Safe spaces must exist without fear of bugging, interception or eavesdropping technologies. These secure spaces exist within government buildings as well as embassies and other diplomatic buildings such as diplomatic residences. These environments need a solution to ensure those spaces are continually free from transmitting devices and assure absolute freedom to discuss ongoing policy, strategy or intelligence.

### Why In-Place Monitoring?

These buildings need to have complete assurance against eavesdropping and other cyber and electromagnetic threats. An occasional TSCM sweep does not usually provide the peace of mind required since it is easy for devices to be switched off or moved during a sweep and reactivated ahead of an important meeting. Hostile actors are then able to gain information to be used in a manner detrimental to the nation’s security or prosperity. In such a scenario the device may be long gone before the data breach is recognized, leaving investigators unable to identify the source or prevent further breaches. Either way, the damage has already been done.

RFeye Guard will autonomously monitor secure government buildings 24/7. This means a surveillance device planted immediately before a sensitive meeting will immediately generate an alarm with a location. Not only does this allow the meeting to be secured, but cross-referencing of RFeye Guard location data with CCTV or other data sources will often allow the responsible person to be identified. The state-of-the-art software and RF specifications of RFeye Guard mean that even sophisticated devices using advanced transmission techniques designed to evade detection can be identified and located.

## Commercial offices

Companies win commercial business through their employees’ ability to talk, develop, design and plan. From board rooms to engineering labs, critical tactical and strategic decisions are made and discussed in great detail. This is why, in modern business, security has to be a key area of focus. We are all familiar with the need for network security to keep intrusions out, which is perhaps why so many security breaches take place inside the organization.

### Why In-Place Monitoring?

With IP crime related to theft of trade secrets costing the US economy alone $180 billion a year, there is a growing need for organizations to protect themselves against state-sponsored and competitor-instigated industrial espionage.

In a busy work environment, the traditional method of carrying out TSCM sweeps on a periodic basis is not feasible. The level of activity around the office means that a sweep is only really valid for the time it takes place. It is far too easy for an employee to reactivate an electronic surveillance or data exfiltration device after the sweep team has left or, indeed, for the evening cleaners to place devices at the request of a competitor or foreign government. TSCM sweeps are also highly disruptive to work and will usually require equipment to be switched off.

RFeye Guard can monitor your facility or secure meeting room 24/7 and in real time to detect RF transmissions that may compromise office security. This system works autonomously in the background with an alert and location provided to security guards if/when a suspect device is detected. The system can be integrated with third-party security systems to provide an overall security picture. Often, this will allow RFeye Guard location data to be cross-referenced with other sources such as CCTV to identify the employees responsible for placing covert devices.

## Data centers

Data center operators trade in trust. The ability to maintain services and assure data continuity alongside security is essential. Owner-operated data centers need to deliver the same level of service and also consider security as a primary function. Internal data services are more likely to be used for IP or business critical data and processing. Reliance on centralized infrastructure is growing as cloud services and virtual desktops become the default computing medium, making security and continuity increasingly dependent on data center resilience.

### Why In-Place Monitoring?

Security breaches in data centers can have a massive and far-reaching impact on data security and service provision. For this reason, data centers can have some of the strongest physical and cyber security measures in the world.

One of the easiest ways to prevent security breaches or even accidents, such as staff tripping over and pulling out a cable, is to restrict human access to the bare minimum. This usually means invasive TSCM sweeps are not an option. A system like RFeye Guard can be installed in a data center and left to operate autonomously, reporting back unusual RF activity to a remote security guard. Unusual RF activity may just be a malfunctioning component or could be a suspect transmission used for data exfiltration. Either way, a signal location can be provided, allowing further investigation.

The real-time autonomous monitoring of RFeye Guard provides an extra layer of security without introducing any new risk related to human access to the facility.

## Banking and financial institutions

Banks and other financial institutions are entrusted with a vast amount of consumer and business money and data. In the event of a security breach, the consequences for the affected institution will be loss of reputation and patronage in the best case. In the worst case, there could be financial liability into the millions of dollars. Even where data breaches are not related to negligent or malicious activities by employees, the organization can still be found liable if regulatory authorities find that best efforts have not been made to protect data. Comprehensive cyber, electromagnetic and physical security measures are essential to minimize risk.

### Why In-Place Monitoring?

Banks and financial institutions need a level of cyber and electromagnetic security that cannot be guaranteed by an occasional TSCM sweep. It is far too easy for a data exfiltration device to be placed or reactivated after a TSCM team has given the all clear and left.

RFeye Guard provides institutions with the 100% assurance they need, enabling them to protect data, money and services to the extent their customers expect. The autonomy of the system makes it an easy way to increase security. Once a network of sensors (Nodes) is installed in a building, the system will monitor the RF space 24/7, providing an alert and location to security guards when a suspect device is detected. It can be readily integrated with other third-party security systems to form part of an overall security picture.

Guard can also be used to enforce mobile device bans on trading floors. Monitoring of all communications on trading floors is key in the prevention of misconduct such as insider trading. Since this monitoring can be circumvented if traders use their own mobile devices, some banks have begun to implement mobile bans. Employees are not always cooperative with such bans, either due to malicious activity or personal reluctance to be away from their phone. RFeye Guard will seamlessly detect mobile devices and their location in an office without the need to have intensive security measures such as searches and visually monitoring the trading floor.

## Critical National Infrastructure (CNI)

Infrastructure related to energy, transport, communications and public health is essential to a nation’s safety, prosperity and well-being, and this has increasingly made it a target for both physical and cyber attacks. Critical Infrastructure Protection (CIP) measures are vital to key assets such as nuclear reactors, water treatment plants and dams.

Protection from electromagnetic threats needs to fit seamlessly into the infrastructure environment alongside physical and cyber measures to ensure that operation is both smooth and secure.

### Why In-Place Monitoring?

The essential services provided by national infrastructure such as power plants, chemical facilities and drug manufacturing facilities need an extremely high level of security. Cyber and electromagnetic intrusion into such a facility can be one of the easiest ways to cause massive economic damage or even large-scale loss of life.

With a covert device providing remote access to the network infrastructure of a drug manufacturing facility, the industrial automation systems can be controlled to dangerously alter dosages. A data exfiltration attack on a nuclear power plant can be used to find out when nuclear materials are due to be moved and the security protocols in place. By definition, any attack on Critical National Infrastructure is likely to be disastrous.

RFeye Guard is a key component of protection for the Cyber and Electromagnetic environment in and around these facilities. The system will monitor the RF spectrum in real time, allowing potential threats to be located, removed and investigated.

However, these kinds of attacks designed to do immediate damage are not the only threats that CNI facilities face. RFeye Guard can also be used to prevent the use of eavesdropping devices related to industrial espionage as well as accidental RF interference to industrial automation systems.