Typically, TSCM practitioners do not have a store front operation, or rely on online marketing to connect with their client base. But having been in the TSCM industry since the mid-1990’s, MADPI GLOBAL experts know that the best means to connect with clients is through referrals from a trusted party such as through relationships with legal or corporate firms.

When engaging a TSCM practitioner this way, the client knows that the team has been qualified and has a proven track record in the delivery of reliable services.

All too often, we have met clients who had hired the services of “rain dancers” (wannabe sweep specialist) who wave antennas as they walk through a site with no training or experience, and a minimal investment in “magic boxes”. Those engaging in this type of business are charlatans and do nothing more than provide a false sense of security while bilking clients of their money.

Therefore, make sure that the experts you chose are qualified, experienced, and are highly educated in this domain.

The practitioners delivering TSCM services must constantly maintain awareness to emerging technology developments and the practices necessary to detect and defeat these new forms of compromise. Commercially available hardware designed to detect technical threat is often a few generations late to address these new threats, as is the scope of vendor led training programs.

It is important to note that equipment vendor training is delivered to mixed audiences and cannot include zero-day threat or classified information (including information on emerging threat). Accordingly, most vendor trained “experts” are trained to sweep for yesterday’s technology and are ill equipped to deliver effective services capable of addressing comprehensive risks.

There are very few qualified sweep teams available for contract work, and discerning between those who are actually qualified and equipped, and the paper tigers who believe a vendor’s training certificate is sufficient, are few and far between. It is for this reason that unless the client has the technical background to qualify the sweep team, that it is best to engage a team through those who have already certified the services of those they work with.

Consideration – Is the threat technical?

If you are considering contracting the services of a TSCM practitioner, you have serious concerns about the exposure of your confidential information. The factors which led you to believe your privacy is compromised is critical to determining where the compromise may exist, and the methods which will be used by the TSCM specialists to identify the breach. In many cases, the information which had been exposed may not have been conveyed via technical compromise, in which case the TSCM sweep will provide nothing more than peace of mind that technical threat is not a factor.

Triage – The most critical stage of a sweep

Before TSCM services are delivered it is important to discuss the factors which led the client to believe there is a presence of potential compromise. During this discussion the team lead is able to ascertain the scope of the threat and define and prioritize actions which will address these concerns effectively. Often during the triage stage, an experienced team will be able to optimize their approach to efficiently validate the concern and identify the threat.

This stage is also critical in establishing a level of complexity of the compromise implemented. If the matter is a domestic issue, it can be expected that any potential threat will have a threat level aligned to compromise which can be purchased online, whereas a situation of industrial espionage may involve more complex threat.

It is not just about the hardware

Many TSCM practitioners use the same integrated analysis hardware from the same vendor. Those who rely on this platform are delivering services on hardware which has been designed well over a decade ago and does not provide visibility to present day threat. Others use cobbled together Software Defined Radios (SDR) with laptop-based software. Although this approach appears to be promising on paper, the integration between the SDR and the laptop is too slow to deliver an effective analysis platform.

Understanding hardware design may be critical to hardware selection, but expertise and experience in the technologies used to collect and convey information over all signal paths, including optical and inaudible acoustics, is far more critical to the development of any competent team.

There is no magic box!! Many TSCM equipment vendors will lead their clients to believe that their technology can cover all forms of risk. This is factually incorrect, as most of these technologies will address some, or most of the forms of threat, while ignoring others. As an example, many devices will look for transmitting or recording technical threat, and only indicate the presence of digital transmission sources such including Bluetooth, DECT, or WIFI, without any analysis of these signals. This lack of visibility results in the TSCM practitioner assuming the signal to be classified as legitimate, without knowing where the signal is connected to, or whether it is being used to exfiltrate information.

TSCM is the art of analysing and auditing all modes of information conveyance and needs to be delivered by those who constantly maintain an understanding of these channels. No tool or technology can replace the technical competence required to deliver these services. In many cases, we have seen former law enforcement, or investigators with no technical or communications background spend more than $100,000 on equipment and training hoping to be able to deliver sweep services. Yet, despite this investment, and the false sense of experience, they fail to identify actual threat due to their reliance on the technology without full understanding of the threat complexity.

Our team is comprised of career technologists including professional government signals intelligence officers, mobile RF carrier engineers, security specialists, digital forensics specialists, data communications network specialists and packet level network analysts. Members of our team are involved in the analysis of zero-day threat technologies, where we document operational capabilities, and develop detection and defeat practices. We are dedicated to the identification and analysis of not only RF based threat, but also the detection of embedded technologies, whether active or inactive, or integrated into legitimate technology.

MADPI GLOBAL team goes well beyond the scope delivered by other teams as we are able to include visibility into digital network signals and validate whether local transmission sources are using adjacent networks to exfiltrate information off premises.