Implementing TSCM Security Sweeps

The information below is provided to help businesses and corporations integrate TSCM sweeps into their information security programs. A more detailed version can be downloaded below.

Technical Surveillance Countermeasures, or TSCM, is also known as eavesdropping detection and electronic bug sweeps. It includes methods of defense against technical, electronic, and cyber surveillance used for corporate and industrial espionage and other unlawful or unethical activities.

Corporations should work to develop an atmosphere where proactive TSCM sweeps are an accepted part of security in the workplace, protecting information assets and protecting privacy.

We have developed a simple three part process in order to help our clients and their organizations better understand how to properly implement TSCM sweeps into their security programs. The process begins with a risk assessment to understand the threats and the value of what is at stake. Then based on the risks, establish appropriate schedules when sweeps should be needed. Finally, develop policies that help your organization improve information security and respond timely and efficiently when specific needs arise.

As with all aspects of security, performing a risk assessment is an important first step in order understand the need for TSCM inspections, as well as knowing how and where they should be applied. It involves reviewing your business operations, identifying locations where information is stored and discussed, and recognizing what activities may require additional protection due to their sensitive or confidential nature.

TSCM sweeps fall into three categories:

• Proactive and Recurring Sweeps
• Special Event Sweeps
• Incident Response Sweeps

Understanding each type of sweep will better enable organizations develop strategies and policies necessary to improve their privacy and security.

Proactive sweeps provide regular, ongoing security for information and communications. They are inspections performed on a regular basis throughout the year. Regular sweeps are highly effective not only in finding and eliminating active eavesdropping threats, but they also help to identify security vulnerabilities. Proactive inspections additionally provide a deterrent, as they help employees understand the importance of confidentiality and that security procedures and countermeasures are being put in place.

After determining the priority of the locations and areas discussed above, plan an appropriate schedule for recurring TSCM sweeps. The typical and recommended schedules are presented below.

1. Quarterly: A quarterly schedule is recommended for highly confidential, high priority, active spaces. Depending on your business activities, a more frequent schedule of sensitive areas may be desired.
2. Semi-annual: Semi-annual inspections may be adequate for less critical but sensitive areas that still have confidential meetings and discussions.
3. Annual: Annual inspections may be considered for areas that are perhaps a lower priority or are still sensitive but may be less active.

Special events may include confidential off-site or on-site meetings and conferences that require TSCM inspections. Consideration of information security and the need for TSCM inspections should be included from the beginning of the planning of all important meetings and programs. Such meetings may be held at venues that are less secure than the usual corporate facilities.

Typical events that require TSCM sweeps:

• Board Meetings
• Shareholder Meetings
• Mergers and Acquisitions Discussions
• Audit Committee Meetings
• Human Resources, Financial, and Legal Team Meetings
• Industry Events and Conferences
• Private Meetings

Security incidents as well as non security-related matters may require that electronic sweeps be performed promptly. Whenever suspicious incidents occur, standard security procedures should include consideration of whether TSCM inspections are appropriate. Could confidential information have been leaked, surveillance devices installed, or privacy breached in some way?

Security related incidents

• Break-ins or theft may be more serious than they initially appear. An apparent theft may have been a cover to hide the planting of eavesdropping devices.
• Contractors or other persons found in unauthorized areas may indicate that access control of confidential offices was breached.
• Sexual harassment incidents may require inspection for cameras or other surveillance devices.
• Discovery of an illicit device such as a camera in one location may necessitate that a professional inspection be performed of that area as well as other location.
• Reports of suspicious activity may need investigation. Many eavesdropping incidents are revealed because the perpetrator’s actions or comments raised suspicion in fellow employees.
• Cyber related incidents may involve electronic devices. Rogue access points and other misuse of technology often go undetected by typical network security measures. A professional TSCM team is equipped to conduct special tests including WiFi and VOIP inspections.
• All security incidents should be cause for concern if they allowed access to confidential areas or a breach of privacy.

Consider that the TSCM response to incidents like those above will be better implemented if proactive sweeps have been performed previously. Your TSCM team will already be familiar with the facility, and will be able to respond in a timely and efficient manner whenever incidents do occur. Records from previous sweeps, such as for known radio signals and unique network attributes, will allow a much more effective inspection after an incident has occurred.

Business Policy Development
Every company will have slightly different needs and requirements, but presented above are a number of considerations that you should be able to adapt to your situation. Policies and procedures should be established that clearly indicate when and where security sweeps should be performed. By understanding priorities and how your business conducts its activities, the appropriate TSCM response can be selected.

General Policy Practices
Employees as well as executives should be aware of the need for information security. They should also be encouraged to speak up if they suspect problems with security or privacy.

Clear policies will help employees recognize that the information they handle is considered confidential, and they should know who to contact if they suspect something improper may be going on. Many incidents of corporate eavesdropping are exposed due to another employee reporting a suspicious occurrence or conversation.

Department staff, such as legal, financial, human resources, and others, should know that electronic privacy sweeps are readily available any time they may suspect a concern.

It is essential to consult with a TSCM specialist when going through this process in order to provide a professional, independent perspective for your organization. Please contact us at any time for assistance with your privacy and information security needs.