The practitioners delivering TSCM services must constantly maintain awareness of emerging technology developments and the practices necessary to detect and defeat these new forms of compromise. Commercially available hardware designed to detect technical threat is often a few generations too late to address these new threats, as is the scope of vendor-led training programs.
It is important to note that equipment vendor training is delivered to mixed audiences and cannot include zero-day threat or classified information (including information on emerging threat). Accordingly, most vendor-trained “experts” are trained to sweep for yesterday’s technology and are ill-equipped to deliver effective services capable of addressing comprehensive risks.
There are very few qualified sweep teams available for contract work, and those able to discern between the teams who are actually qualified and equipped and the paper tigers who believe a vendor’s training certificate is sufficient are few and far between. For this reason, unless the client has the technical background to qualify the sweep team, it is best to engage a team through those who have already certified the services of those they work with.
Consideration – Is the threat technical?
If you are considering contracting the services of a TSCM practitioner, you have serious concerns about the exposure of your confidential information. The factors which led you to believe your privacy is compromised are critical to determining where the compromise may exist and the methods which the TSCM specialists will use to identify the breach. In many cases, the information which has been exposed may not have been conveyed via technical compromise, in which case the TSCM sweep will provide nothing more than peace of mind that technical threat is not a factor.
Triage – The most critical stage of a sweep
Before TSCM services are delivered, it is important to discuss the factors which led the client to believe there is a potential compromise. During this discussion the team lead is able to ascertain the scope of the threat and to define and prioritize actions which will address these concerns effectively. Often during the triage stage, an experienced team will be able to optimize their approach to efficiently validate the concern and identify the threat.
This stage is also critical in establishing the level of complexity of the compromise implemented. If the matter is a domestic issue, it can be expected that any potential threat will have a threat level aligned to compromise which can be purchased online, whereas a situation of industrial espionage may involve more complex threat.
It is not just about the hardware
Many TSCM practitioners use the same integrated analysis hardware from the same vendor. Those who rely on this platform are delivering services on hardware which was designed well over a decade ago and does not provide visibility into present-day threat. Others use cobbled-together Software Defined Radios (SDR) with laptop-based software. Although this approach appears promising on paper, the integration between the SDR and the laptop is too slow to deliver an effective analysis platform.
Understanding hardware design may be critical to hardware selection, but expertise and experience in the technologies used to collect and convey information over all signal paths, including optical and inaudible acoustics, is far more critical to the development of any competent team.