A recent article by Kalev Leetaru, at Forbes.com, “When Cyber Security Meets Physical Security” discusses the threat that cyber breaches might pose to physical security and the protection of a principal or any valuable asset.
Both cyber and physical security are areas the public is somewhat familiar with. Security professionals, of course, should be taking both of them extremely seriously. But there is an important area in between where cyber and physical do not cover. That is where technical surveillance countermeasures, or TSCM, is needed.
Technical surveillance in many forms can lead to a breach of privacy, theft of data, loss of confidential information, as well as increasing threats to the personal safety of a CEO, executive, or other high ranking persons.
Leetaru writes of a potential threat:
…hackers could monitor all of the traffic cameras in the area to watch the head of state’s movements in realtime and monitor his or her schedule second by second. As he enters a building, the local CCTV cameras throughout that building could be used to surveil his movements and compile an intelligence list of everyone he meets with.
Technical surveillance, though, is not necessarily done by hackers on the computer network, so firewalls and cyber protection may not stop it. There may not be any apparent physical breach, so physical security may not catch it. This is especially true where insider threat is concerned, a disgruntled employee or other covert operative (such as an employee plant) may already have access to the space. The target area could also be an executive’s residence, where security protocols are typically much weaker.
Leetaru describes a hypothetical jewelry heist then continues:
Putting this all together, there is thankfully no record to date of a cyber attack targeting the physical infrastructure as part of an attack on a head of state or a sophisticated jewelry caper, but as the physical world increasingly becomes just a bunch of internet connected devices, we must start contemplating a future in which physical security becomes one with cyber security.
There may not be a record of a cyber attack targeting a principal through the physical infrastructure, but there are many examples of electronic eavesdropping, covert cameras, and other technical surveillance devices being used for crimes ranging from terrorist kidnapping to theft of confidential data worth millions of dollars.
Many new clients call us and say “I never thought that I would be asking for your services, but…”. Of course, we are always ready to provide immediate response. But our recommendation is to not wait until after an incident occurs, that may be too late. Schedule regular TSCM sweeps as part of all serious security plans.