Debugging services and TSCM Inspection Process
TSCM Inspection Process
TSCM Inspection Process You may already know that you need to conduct a thorough examination of your company’s security. You may suspect that there is an information leak, or you may be worried about one in the future. The best way to thoroughly analyze your security status is with a TSCM (Technical Security Counter measures) inspection.
What is a TSCM (Technical Security Counter Measures) inspection?
As we detail on our website, a TSCM inspection is a type of bug sweep detection service. The aim is to detect spying or eavesdropping devices in office buildings, such as hidden cameras or microphones.To perform the service, TSCM investigators will visit your organization and comprehensively inspect every corner of your premises for malicious devices and recording equipment. Here’s a breakdown of what a TSCM inspection process may look like.
TSCM Inspection Process - Summary
- Pre-inspection discussion, evaluation and planning.
- Detailed physical examination of areas at risk.
- Technical inspection of the areas.
4. Information security survey to identify other vulnerabilities. - A post-inspection debriefing.
- A final written report documenting findings, recommendations and due diligence. The most commonly-used procedures and TSCM equipment are listed below. The specific procedures and instrumentation we use for your inspection are custom-crafted based upon your particular:
- concerns,
- location,
- security goals,
- and communications systems.
The search process is constructed so that tests overlap each other in effectiveness, thus automatically creating a double-check analysis strategy.
TSCM Inspection Process - Pre-Inspection
Before your TSCM Inspection, we discuss, in confidence:
- suspicious incidents you may have observed,
- your security concerns,
- and your goals for a successful resolution.
- During follow-up inspections we review interim information, and discuss the implementation of security recommendations made during previous inspections. Upon arrival an initial walk-through orientation of the areas being inspected provides us with information about: access control, building construction, room contents, distances between areas, locations of IT/telecom rooms, etc. All of this diagnostic information is used to plan our TSCM inspection strategy, and select the most effective test procedures to successfully resolve your concerns.
TSCM Inspection Process - Visual Examination
A thorough physical examination is conducted to discover electronic surveillance devices currently in place and any evidence of prior eavesdropping attempts. This phase of the TSCM inspection includes a detailed examination of furniture; fixtures; wiring; ventilation; computers, and all the small items within the area which can hide surveillance devices. Our TSCM physical inspections are enhanced using the latest TSCM equipment: hi-res CCTV, laboratory grade thermal imaging, advanced Non Linear Junction Detection (NLJD), additional tools, and manual inspection techniques. This is how we discover eavesdropping devices which do not use radio-frequency transmission. Examples include:
- miniature voice recorders,
- sound extraction via direct wiring,
- carrier current over power lines,
- transmissions using infrared light,
- ultrasonic and laser microphones,
- covert video spycams with internal SD cards,
- keystroke loggers,
- detection of malicious USB cables, and certification of authentic cables.
These eavesdropping devices may be secreted in hollow walls, behind false ceilings, in or on furniture, fixtures, and other common items that have a legitimate place in the room, such as: computers, power strips, radios and clocks.
TSCM Inspection Process - Technical Steps Detection of Non-Radiating Devices
Surveillance devices do not have to be transmitting, or even turned on, for us to discover them. The Non-Linear Junction Detection instrumentation we use can detect bugs operating in their standby mode, on timers, or even with dead batteries. This detection technology is similar to the shoplifting detectors used at retail store exits. Just the fact that the bug is using electronic components is enough to sound the alarm.
Radio Reconnaissance Spectrum Analysis® (RRSA)
Detection and demodulation of wireless surveillance (audio, video & data) is accomplished with the aid of government-level computerized spectrum analyzers.RRSA® detection is very sensitive. Even though only certain areas of a building are designated for TSCM inspection, surrounding areas also benefit from this particular test.
Optical Emissions Spectrum Analysis® (OESA)
Some electronic eavesdropping devices transmit intelligence by converting sound into infrared or laser light. This invisible light can be picked up optically from a distance and converted back into sound. (The average television remote control operates using the same principle.) Our instruments can detect this.
Concealed Space Examination
Spaces which cannot be directly viewed are optically examined using a flexible videoscope, similar to the one pictured on the right.
Thermal Emissions Spectrum Analysis® (TESA)
Minute amounts of heat are generated as electricity moves through a surveillance device’s circuitry. Our laboratory grade TESA® instrumentation allows us to detect active items. This technique can also see bugs hidden in antique furniture and other delicate items – without damaging them.In addition to the above procedures, we may employ some other specialized tests, based on your unique needs.
Internet of Things Exam
The Internet of Things (IoT) has introduced many not-so-obvious attack points into businesses. From printers to VoIP phones to AV presentation equipment, all are taken into consideration during the TSCM inspection process.
Hard-wired Communications Examination
- Visual inspection of the individual system components and connecting pathways.
- Frequency Domain Reflectometery (FDR) Analysis of the wiring paths.
- Carrier Current Analysis of the wiring paths.
- Audio Leakage Analysis.
- Electrical Characteristics Analysis.
- Advanced Communications Analyzer
- Wireless Communications Examination
- Wireless telephones.
- Wireless headsets, keyboard and mice.
- Wireless presenter’s microphones.
- Other wireless communications (Bluetooth, FM Analog, etc.)
Wireless LAN (Wi-Fi) Security and Compliance Audit
A Wi-Fi security and compliance audit is an essential element of our TSCM inspection process. It lets us detect WiFi-reliant audio and video covert surveillance, and rogue network intrusion devices, in addition to compliance issues. This inexpensively helps guard against eavesdropping, data siphoning and government penalties due to compliance lapses. Although a Wi-Fi inspection is part of our TSCM service, it may be ordered separately when Wi-Fi security and compliance are the sole concerns.
(obrazek poniżej zmień na coś podobnego, wykres odzwierciedlający podobnie statystyki)
Just one loophole…Hackers are in. Data is out. & “You are out of compliance.”
Tamper Detection
Government-grade security seals may be used if required to seal phones and other objects after inspection. Items previously inspected and sealed are reexamined by us to verify seal integrity. The seal numbers are recorded in our written report.Our security seals are custom-made especially for AMASSS. Between inspections, you should visually examine these seals yourself. A damaged or missing seal may indicate tampering. A missing seal may also indicate the object being sealed was replaced with a pre-bugged identical-looking item. Either condition is a suspicious incident which should be investigated further.
Acoustical Ducting Evaluation
This phase of the TSCM inspection evaluates the possibility of sound migration - a sometimes surprising cause of information loss. Pipes, air conditioning, open ceiling plenums, common walls/ceilings/floors can conduct sound in unexpected ways. Our recommendations will help you prevent this type of unnecessary information loss.
TSCM Inspection Process - Information Security Survey
As part of our inspection process, we observe general security efforts already in place, to assess appropriateness and current effectiveness. Items observed include: • CCTV, locks, alarms.
- Employee compliance with good information security practices.
- Access control.
- Security officer efficiency.
- Potential for abusing in-place technologies.
- Security policies (in place, or needed).
- General security and safety observations. Cost-effective recommendations for improvements, repairs, upgrades, and additions are made as necessary.
TSCM Inspection Process - The On-site AMASSS Debriefing
An immediate debriefing to discuss the results of our inspection, urgent security items, and future strategy are discussed at this time.
TSCM Inspection Process - The Written Report
Our written counterespionage report documents your security inspection, and due diligence. prerequisite for protection in court. Thank you for considering our services. If you have any questions, or would like to create an effective security strategy, just let us know.###AMASSS is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals