1. Introduction

1.1 INTRODUCTION

The information contained in the Handbook is representative of wisdom and experience developed over the past 20 years and about 2 million sweeps and security surveys (OK, so maybe it has only been 200 or so a year-who's counting) and the experience passed on by the hundreds of Criminal Investigators, electronics and TSCM trained people I have had the privilege of working with in the past. Anyhow, after the initial learning phase of two or three years, little of an earthshaking nature has come to light, only unusual and unique variations on the basic themes.

TSCM, electronic countermeasures or "debugging" is just another weapon to be used in protecting information. Such capabilities are often available within the corporate security department, and usually consist of someone who has been assigned the additional function of performing the "sweeps". With the proper training and equipment, such a person can perform an adequate job. However, the one thing to keep in mind is that whenever you venture beyond your safe capabilities, call in outside assistance. It's gone' cost a whole lot less in the long run.

In looking at outside resources, don't hire a salesman; seek a professional. The salesman may be eminently qualified, but his ulterior motive is to sell you his product, be it software, hardware, equipment, etc. Look first at the independent individual or organization with no outside ties. Their services should be directed at the protection of your organizations personnel, property, product and information and may include anything generated during the course of normal business activities. If it's of potential value to your opponents and vulnerable to compromise, efforts should be taken to protect it. This information may consist of such items as

  • proposals, contracts and bids
  • negotiations with labor or unions
  • marketing strategies
  • customer/mailing lists
  • trade secrets
  • computer generated/stored information
  • personnel records
  • financial and legal department documentation


Even when properly performed, the odds of turning up a bug are about 1 in 25 or even 1 in 50.

Why? Because intentional installation of listening devices is generally considered a last option for gathering information.

Does that mean you are wasting your time and money in having a sweep performed? Yes and No.

If performed by properly trained and equipped persons, an unintentional or inadvertent information leak may be detected. The key phrase in the previous paragraph was "intentional installation". Unintentional avenues of information may include improperly installed telephones, intercoms, public address systems, security systems, etc., or lack of control of computer generated information through the lack of a password. these are the avenues a professional intelligence gatherer would look at first, after exhausting all the other avenues open such as compromising employees or support personnel, dumpster diving, attempting to hack into the computer system, etc.

On the other hand, if an improperly trained and equipped individual or organization performs a sweep looking only for bugs and taps, they're not going to find nothing.

In addition to the weaknesses mentioned above, those items most often identified by the TSCM Specialist are a lack of internal controls of documents or information, allowing access to potentially sensitive information by a multitude of persons not authorized access. These include maintenance, cleaning, security and administrative persons authorized to be in the office after working hours.

Additionally, many of the compromises are generally unintentional. As an example, someone responsible for delivering a document to the office of the President/CEO after working hours notices a report titled PROPRIETARY or CONFIDENTIAL (you get the picture). Human nature being what it is, the person scans the cover page and possibly leafs through it. You know what happens next; he or she tells a friend or relative and the snowball is out of control.

1.2 PURPOSE

The Handbook was intentionally kept as non-technical as possible, partly in response to the hundreds of times I've heard someone say" what did he say?", ask me what I was doing while performing a sweep, and partly because there's less chance for a goof-up on my part. (I'm a firm believer in the KISS Principle--Keep It Simple, Stupid). For those daring hearts desiring information of a more technical nature, enroll in an advance TSCM or electronics course.

On the other hand, the Handbook could be a valuable reference or resource when utilized in conjunction with a TSCM training course (which was the original intent).

1.3 DEFINITION OF TECHNICAL SURVEILLANCE COUNTERMEASURES (TSCM)

Simply defined, it is
  1. the systematic physical and electronic examination
  2. of a designated area
  3. by trained and qualified persons
  4. utilizing approved equipment
  5. and techniques
  6. in an effort to locate surreptitious listening devices, security hazards, or other means in which classified, sensitive or proprietary information could be intercepted or lost.

1.4 WHAT IS A TSCM EXPERT

  1. A person who can spell TSCM and is more than 100 miles from the office or
  2. A person who knows all there is to know about
    1. Radio and Electronics
    2. Investigations
    3. Interrogations
    4. Locks
    5. Alarms
    6. Physical Security
    7. Systems analysis
    8. Building constructions and codes/Carpentry
    9. Electricity
    10. Telephones/both conventional and the multitude of new electronic systems
    11. Cellular phones
    12. Threat Assessment
    13. Threat evaluation
    14. Computers
    15. Facsimile
    16. Video and related emanations
    17. Photography
    18. Access Control

1.5 WHO ARE THEY?

There are a number of individuals who are considered experts because of their knowledge about a particular aspect of the items listed above. These are generally government employees who have devoted their careers to learning everything they can about a particular aspect of TSCM. They're the one's contacted when something arises which cannot be explained by the specialist or technician in the field. On the other hand, I'm not aware of anyone who is an expert in the general sense. There's just too much for any one person to state they know it all. A better description would be TSCM Specialists or Technicians, especially if we are prepared to admit we don't know everything and are prepared to learn.
| NEXT |