Typical sequence of actions when conducting TSCM inspections.

A typical sequence of actions when conducting TSCM inspections.

Typical Sequence of Actions Followed by Granite Island Group in Conducting TSCM Inspections

James M. Atkinson, Granite Island Group

(Slight variations may be made at the client’s request and in accordance with operational safety requirements)

• Client views GIG website and TSCM related materials
• Contact is made from outside the suspected bugged location (airport pay phone, etc.)
• Contact is not made from suspected phone, cordless phone, or cell phone
• Initial arrangement for secure face-to-face meeting (if necessary)
• Send GIG materials related to suspected target

• Initial and safe face-to-face meeting (if required)
• Initial meeting in a “clean” location away from the suspected site
• Discuss the client’s concerns and vulnerabilities
• Order TSCM services if appropriate
• Formulate an action plan in the event a listening device or security threat is found

• Review site drawings
• External radio monitoring (from 9 kHz to 40 GHz)
• External reconnaissance in relation to the object

• Threat assessment
• Physical security assessment
• Electronic security assessment
• Internal radio monitoring
• Audit of communication systems and the object
• Inventory of furniture, movable property and other items
• Assessment of structural elements (walls, ceilings, floors)
• Sketch of the suspected area and premises
• Identification of the sensitive area
• Identification of interception sites
• Identification of possible listening posts
• Development of a threat model
• Carried out during normal working hours (with appropriate cover

• Without noise, no activity that would reveal the work, nothing that could alert the person listening
• Automated detection of bugs and wireless microphones (from 3 kHz to 9 GHz)
• Initial VLF examination of all power supply, telcom, LAN and ventilation, air conditioning and heating system wires
• Initial detection of IR devices and laser control devices
• Detection of video cameras, voice recorders, devices with VLF radiation and ultrasonic devices
• Detection of other types of threats
• Initial assessment of physical security, locks, alarms, etc.
• At this stage, most of the bugs will be detected at the level of a private detective, a spy shop or amateur

• Just no noise and no unmasking activity, nothing that could alert the persons carrying out the wiretapping
• Soft music, “client on the phone”, curtains drawn
• Full Passive RF Sweep (20Hz to 110GHz+)
• Full Passive Light Sweep (300nm to 1710nm)
• This step will detect most PI, Spy Shop, and Advanced Hobbyist level bugs

• Minimal noise generated; should not disturb eavesdroppers
• VLF/RF Inspection — AC power (all electrical outlets)
• VLF/RF Monitoring — AC Power (all light switches/hardware)
• VLF/RF Monitoring — Air Conditioning, Ventilation, Heating
• VLF/RF Monitoring — Alarm and Access Control Sensors
• VLF/RF Monitoring — Fire Alarm and Suppression Sensors
• VLF/RF Monitoring — Other
• Assess all telephone lines and trace them back to the central office
• Document, log and examine all artifacts
• Examine all walls and artifacts with side lighting
• Initial examination of all baseboards, window frames and door jambs
• Initial examination of all wall installations (electrical, PBX, LAN)
• UV sweep (below 400nM/100THz)
• IR sweep (above 700nM/180THz)
• Light sweep (from 350nM to 750nM/90THz — 195THz)
• Sweep with a tuned special light source and filter (250nM — 1750nM/65THz — 455THz)
• Monitoring for changes/problems in the telephone network
• Monitoring for anomalies in PBX hardware and software
• Monitoring for changes/problems in voice mail
• Investigation of all computer and LAN connections
• Investigation of all laser printers and computer output devices
• At this stage, law enforcement and professional level bugs will be detected
• Typical threat level for most corporate offices

• Detection (chirp detection) of hidden microphones and other transducers
• IR, audio and ultrasonic jamming (on demand)
• Temporarily disabling listening devices
• Examination of all furniture (tables, chairs, pots, etc.)
• Opening ceilings and walls (shifting ceiling ties and panels
• Thermal control
• Control of openings and air conditioning, ventilation and heating systems
• Borescope examination of all electrical input and junction boxes
• Detailed examination of all lighting fixtures
• Inventory of all conductors, pipelines, wall nails, etc.
• Detailed search for electromagnetic energies (above 110 GHz)
• At this stage, professional eavesdropping devices will be detected
• typical threat level for Fortune 500 offices and law firms
• Testing and tracing all conductors using TDR/FEXT/NEXT
• Tracing telephone network wiring using TDR
• Tracing computer network wiring using TDR
• Tracing cable TV and closed-circuit television networks using TDR
• TDR tracing of AC power supply network (all electrical wiring)
• TDR tracing of AC power supply network (all electrical fittings/switches)
• TDR tracing of HVAC control circuits
• TDR tracing of security alarm and access control system sensors
• TDR tracing of fire alarm and extinguishing sensors/systems
• TDR tracing of other systems
• Assessing PBX, ESS and SN conversions if any
• Assessing voice mail systems
• Inspecting photocopiers
• Inspecting fax machines
• Certifying the security of PBX, alarm systems, HVAC systems, audio systems
• Assessing artifacts (e.g. books, furniture, computers, etc.)
• Inspecting cavities in walls, floors, ceilings
• Increasing physical inspection (every cubic centimeter)
• This stage identifies diplomatic, law enforcement, and intelligence level devices.
• Typical threat level for justice agencies, defense contractors, and aerospace firms

9. Special checks (used only when necessary)

• Non-linear detector tests — active and passive
• X-ray, radiographic, and fluorographic tests
• Magnetic Anomaly Survey

• Sealing and subsequent wiping of all cavities, wall boxes, artifacts, etc.
• Installation of IPM alarms and interacting security systems
• Installation of encryption devices
• Installation of locks, doors and hinges that provide a high degree of security
• Installation of physical security devices
• Training and coaching of client personnel

• Verbally reporting findings before leaving the site
• Submitting a written report (if necessary)
• Corrective actions
• Pursuit actions
• TSCM follow-up services

• Collecting documentation on the device or activity
• Notification to law enforcement agencies (if required)
• Forensic identification and analysis of the item
• Counter-control work
• Counter-intelligence work

• Analysis of all electromagnetic/radio frequency emissions in the range from 20Hz to 110GHz and above
• Active and passive examination of the light spectrum from 250nm to 1750nm
• Examination of all sockets, switches and lighting fixtures for VLF/HF products
• Examination of all PBX, LAN and WAN connections and equipment
• Auditing and monitoring of all computers for security anomalies
• Inspection of all copiers, fax machines and other display equipment
• Examination of all fiber optic connections and wires
• All telephone lines are inspected and tested back to the central office
• All locks, safes and physical security devices are assessed
• Most work is done with overlapping joints to ensure complete coverage

All TSCM services exceed the following standards:

Director of Central Intelligence, Physical Security Standards for Sensitive Information Facility (SCIF) Cameras (Directive 1/21), DCI, July 29, 1994.

Director of Central Intelligence, Technical Control Countermeasures (Directive 1/22), DCI, August 1984.

Director of Central Intelligence, Procedures Manual No. 1 Pursuant to DCI Directive — Requirements for Reporting and Measuring Engineering Control Intrusions, DCI, August 1984.

Director of Central Intelligence, Director of Central Intelligence, Procedures Manual No. 2, Pursuant to Directive of the Director of Central Intelligence — Requirements for Reporting and Taking Measurements in the Event of an Emergency,DCI, August 1984.

Director of Central Intelligence, Procedures Manual No. 3, Pursuant to Directive of the Director of Central Intelligence — Guide for Conducting Surveys to Counter Audio Surveillance,DCI, August 1984.

Defense Intelligence Agency, DIAM 50-3, Technical Security Standards for Establishing a SCIF

Defense Intelligence Agency, DIAM 50-4, Security of Dedicated Computer Operations

Defense Intelligence Agency, DIAM 50-5, Requirements for Contractor Administration of Dedicated Sensitive Information (SCI) Security, Volumes I and II

Department of Energy, DOE Technical Control Countermeasures Procedures Manual, DOE, April 1988

Department of Energy, DOE TSCM Instructions, DOE, April 1988