Wyche Innovation Centre,
Types of Technical Surveillance Counter Measure (TSCM) Services
Assure Technical explaining the different Types of TSCM services at the March 2014 Enterprise Security & Risk Management Conference in London.
Contact Us Today for a confidential discussion regarding your requirements
Okay. This slide covers the type of corporate TSCM searches there are, or what people may sell their services as.
People sell sweeps, surveys. Sweeps and surveys very reactive usually. ‘Oh, we think we might have a problem, oh, we got a board meeting coming up, we need to secure this area.’ That’s not something that people treat their IT security like or that physical security like. You know, if you think about building security, what security managers don’t say ‘it is looking a little bit rough this weekend, we might get some locks on the door’. Or, look at their IT security and think ‘well, we might have a firewall on Fridays and Saturdays’, yeah? So we need to look at it as a holistic part of information assurance.
Corporate espionage threat briefs – Again, previously when I talked about people’s perceptions, people’s perception of threat in the Technical Surveillance world. Buyers of a service aren’t in the correct position to quality assure what they require and quality assure the service that they are buying in unless they understand the threat and the vulnerability. Therefore, the first stage of any assurance in Technical Surveillance Counter Measures is to understand the threat and the Corporate espionage threat brief really is the way to start that process.
Training – again – I know a lot of companies and there’s probably a lot here who have their own in-house teams. We need to look at how those teams are managed – are they doing it every day? Yeah? What kind of training have their received? It’s the training that’s required as an ongoing process. And what quality assurance should we be laying across that training to ensure we mitigate the threat. Not just the threats from yesterday and today, but the emerging threats.
Secured meetings – How many people in the room, I won’t ask for a show of hands, how many people in the room have meetings outside of their secure areas? How many people remove sensitive information, willingly from that secure environment out to nice location like hotel or something like that and then carry on the process of storing, creating, or communicating that valuable information?
A bit like today. If I look at today, I’m wearing the radio mic. That radio mic is analogue. Therefore anybody from outside of here can quite happily receive that on something that bought from Maplin, eBay, something like that. Even the small bits of information, that could be useful, all intelligence as a value. So process again around securing meetings. Making sure that meetings at external areas where communication happens is covered.
What range of equipment is available and what’s required to do a survey? I can tell you now, if anybody that talked to me for half an hour 121 would realise that what you see in the movies just isn’t true. We have, as a team, invested initially £250,000 in equipment to survey for all known threats.
Threat changes day by day, week by week, year by year. We have to re-invest another £75,000 a year to keep up with that threat. The equipment that we purchase can’t be purchased on eBay or Maplin. A lot of it is controlled equipment.