Scheduled TSCM Inspections

Scheduled TSCM - Radio-Frequency Spectrum Analyzer Screen Shot

Radio-Frequency Spectrum Analyzer Screen Shot

Scheduled TSCM inspection sweeps are on-site inspections to discover electronic surveillance and espionage attacks.

Scheduled TSCM (Technical Surveillance Countermeasures) inspections are used by businesses to ensure their critical information and data remains protected. Scheduled TSCM inspections are one aspect of a holistic approach to TSCM management and can include a variety of sweep types using a vast array of TSCM technology to maintain your privacy and your competitive advantage. There are a number of advantages and benefits to performing scheduled TSCM sweeps at frequent intervals.

• Increased profitability.
• Intellectual property protection.
• An environment secure from electronic surveillance invasions.
• Advance warning of intelligence collection activities (spying).
• Double check the effectiveness of current security measures and practices.
• Document compliance with many privacy law requirements.
• Discovery of new information loopholes before they can be abused.
• Helps fulfill fiduciary responsibilities to stockholders.
• Helps fulfill due diligence requirements.
• Helps fulfill legal requirements for “Business Secret” status in court.
• Helps fulfill Wi-Fi network legal compliance:
— Sarbanes-Oxley Act — HIPAA — ISO 27001
— GLBA — PCI-DSS — Basel II Accord
— FISMA — DoD 8100.2 — EU – CRD

Scheduled TSCM Security Department Benefits

• Zero capital investment for expensive instrumentation.
• No need to attend expensive and time-consuming training schools.
• A specialist’s recommendations can fortify your own recommendations.
• No risk to your reputation.

Important points:

• Periodic inspections are now a standard business practice.
• They are usually conducted quarterly, or biannually.
• Our scheduled TSCM inspection will usually include an information security survey.

“Why should we have a TSCM inspection?”

Because electronic surveillance is at the core of many business problems.
• Business Espionage
• Competitive Intelligence
• Mysterious Leaks
• Personal Privacy (including spycams in expectation of privacy areas)
• Malignant Activism
• Internal Intrigue
• Strategy Spying
• Media Snooping
• Blackmail
• Revenge
• Eavesdropping Concerns
• Adverse Publicity

“What do scheduled TSCM inspections protect?”

• Sensitive Communications
• Boardroom Discussions
• Mergers & Acquisitions
• Delicate Negotiations
• Lawsuit Strategies
• Employee Safety
• Trade Secrets
• Personal Privacy
• Vulnerable Off-site Meetings
• Wireless Local Area Networks (WLANS)
• Executive Residences & Home Offices
• Executive transportation (vehicles, aircraft)

“What are the benefits of scheduled TSCM inspections?”

• Increased profitability.
• Intellectual property protection.
• An environment secure from long-term electronic surveillance invasions.
• Advance warning of intelligence collection activities (spying).
• Double check the effectiveness of current security measures and practices.
• Document compliance with many privacy law requirements.
• Discovery of new information loopholes before they can be used.
• Help fulfill legal the requirement for “Business Secret” status in court.
• Enhanced personal privacy and security.
• Improved employee moral.
• Wi-Fi Security and compliance with privacy laws.
• Increase employee respect for information security.
• Increase effectiveness of established security measures.
• Reduction of consequential losses, e.g. an information leak sparks a stockholder’s lawsuit, or… an activist releases wiretaps to damage good-will and sales.

“I agree, a TSCM inspection is a good idea. What’s the process?”

Plan a Strategy

Define your security experience, concerns, and goals.

Create a priority list of the locations requiring a detailed inspection. Even though some tests may cover the entire building, not every space requires a detailed inspection. Focusing attention on critical areas provides better results, and reduces costs.

Determine the proper frequency of follow-up scheduled TSCM inspections — everyone’s window-of-vulnerability is different. Most organizations find quarterly or biannual inspections suit their needs. Some use a mixture of both.

Schedule supplementary inspections, as required, for: off-site meetings, Board meetings, and situations where risks are elevated.

We will prepare a no-obligation written proposal for you based on the information you provide. If you decide to schedule us to inspect your location, here is how it works:

Your Scheduled TSCM Inspection

Together, we arrange a mutually convenient time to conduct your inspection. Our services are available any time, any day or night. If required, we handle all the travel arrangements. Simply pick a time and date and we will be there.

Upon arrival, we will both define and refine your concerns, goals and any late-breaking events. This is when we ask for you to give us an orientation tour of your facility where we will look for vulnerabilities you may have overlooked.

Each TSCM inspection unfolds differently. Information (visual, audio and data) can be transferred from sensitive areas in a variety of ways. There is no “one” test, technique, or gadget which will detect every method. we have developed custom protocols, aided by specialized instrumentation, which we modify to fit your explicit organization’s security needs.

Elements Common to Most TSCM Inspections

Radio Reconnaissance Spectrum Analysis™ – A search for illegal surveillance devices which transmit (audio, video or data) information via radio waves.

Thermal Emissions Spectrum Analysis™ – Detection of heat emitted by spycams, bugs and other electronic circuits. Heat signatures can be found even when the device are hidden in ceiling tiles, walls, or furniture.
Our Communications Systems Surveillance Analysis™ – a proprietary test method developed by Murray Associates – which identifies surveillance methods used to extract information from: telephones, faxes, computer networks, etc.

Communications Systems Inspection – In addition to inspecting the actual equipment (phones, speakerphones, faxes, video teleconferencing systems, etc.), wireless networks, LANs, and networked printers are also inspected. We also examine your wiring for taps and transmitters. 

Mapped Physical Inspection™ – Areas are systematically mapped for physical inspection. Each area is combed with several objectives in mind:

    • locate hidden surveillance devices;
    • locate evidence of prior installations;
    • note future surveillance vulnerabilities;
    • report on other security issues.

This is the most important phase of the inspection, and relies heavily on security knowledge, experience, and intelligence. Example: A clear thread seen in a drape or carpet may look normal. Our technical investigators may suspect a fiber optic microphone… and search further.

Non Linear Junction Detection – Areas are re-examined using non-destructive radar. This safe technique reveals semiconductor electronic components (transistors, diodes, etc.), the building blocks of electronic surveillance devices. Devices hidden in – or built into – furniture, ceiling tiles, and other objects can be identified with this technology… even if they are not active during the inspection!

“Will I receive a written report?”

Yes. Your written report will detail:
• locations inspected,
• findings,
• recommendations for remediation,
• non-electronic information security vulnerabilities seen – with recommendations,
• and explanations of our inspection methodology and instrumentation.

On most assignments, photographs and an Inspection Log are also included.Scheduled TSCM - CPP Certified Protection Professional (ASIS) blue seal

Your report is prepared by Kevin D. Murray, CPP, CISM, CFE, an independent and credentialed security consultant with over four decades of experience. His report is proof of your due diligence.

“Let’s schedule a TSCM inspection. What do I need to do?”

Engaging our services is easy. Call us from a “safe” phone. Tell us about your organization’s concerns and goals. We can help with suggestions and strategy development.

Complete our one-page TSCM worksheet. If possible, include a floor map which indicates the sensitive areas requiring inspection. 
Tip: Create a priority list of sensitive areas requiring inspection. Not every square foot will require a detailed inspection. The radio-frequency portion of our inspections will cover large areas surrounding your sensitive areas anyway.

We will send you an accurate written estimate – expenses included. Sign-off on our estimate and return a copy to us. Together we will decide upon a mutually convenient inspection date.

Have keys to locked areas (phone rooms, offices being inspected, contiguous areas, closets, etc.) Have a step ladder handy, if possible.

If this is an emergency TSCM inspection, please collect as much incident background information as you can for us, and…
• Do not discuss our services in, or call from suspect areas.
• Conduct your affairs normally.
• Do not reveal any suspicions you may have to others.
• Limit confidential conversations.
• Keep detailed notes about anything you feel is suspicious.
• Think ahead. If a device is found, what next? We can advise you on this.

“Do you need to see my building first?”

It is rarely necessary to inconvenience you – or tip our hand – with a preliminary visit. The Worksheet is all we need. A floor plan is is always helpful and appreciated.

“Could you give me just a rough idea of the cost?”

Fees generally range between $4,000 – $9,000 depending upon the complexity of the assignment. Travel expenses are only charged as incurred, and are estimated in advance for your approval. We will provide a detailed Proposal when you are ready.

“May I call you with additional questions?”

Please call us with your questions (800-635-0811 or +1-908-832-7900). We are here to help you.

Have a Question About TSCM?

If you have any questions about the TSCM services provided by Murray Associates, simply fill out the form below, or call us from a safe area and phone. If you think you are under active electronic surveillance, or believe you have discovered a bug or covert video camera, go to our Emergency TSCM page. The procedural checklist there will tell you exactly what you need to do next.