An enlightening event
The TSCMi annual conference is a two-day event that brings together TSCM consultants and practitioners from across the world, representing both the private and public sectors, to share the latest information on eavesdropping technology and on the products and techniques designed to mitigate the ever more sophisticated threat.
This year’s recent conference covered a wealth of subjects, including the challenges of 5G, the view from the opposition and the vulnerabilities of that computer on wheels we all call a car. Most significantly, a constant and emerging thread running through this year’s event was evidence of an increased awareness by business and government of the threat to corporate and government assets from technical surveillance and other forms of eavesdropping, and an aligned increase in investment to combat the threat. Recent security press articles, particularly from the USA, support this viewpoint.
To one who has been actively involved with technical security for many years, an understanding of the continued and undiminished eavesdropping threat has been ever present. Conducting TSCM surveys for clients in conference centres and heavily populated business conurbations has frequently resulted in not just evidence of surveillance regarding clients, but also positive identification of active technical eavesdropping attacks upon neighbouring businesses and premises.
So why has consideration of the eavesdropping threat been so low in the minds of those concerned with the protection of information assets up to now? And what has triggered this increased awareness amongst the wider business and government community?
Business reaction in recent years
Cyber attacks and threats have been foremost in the mind of all in recent years, particularly since they have impacted every level of the computerised world, right into our homes. Previously weak protection methods have enabled those seeking our data to attack our systems from a safe distance, and it was assumed, with due reason, that this threat demanded the highest priority.
As a reaction to this, our computers and data storage systems are now monitored by protective software, and larger systems will have staffed security centres constantly alert to intrusion or breaches of security operating procedures. National laws require those who lose data in such ways to “own up”. This data loss will impact the business, with possible legal penalties and loss of business reputation as well as the direct financial value of the lost data. This clear understanding has motivated business towards significant investment in the protection of information from the “Cyber” threat.
When it comes to eavesdropping we have a rather different scenario. There is rarely any evidence that it is happening unless it is actively sought, hence the threat is little considered despite the massive market in technical eavesdropping devices openly available in the public domain.
A failure to consider the possibility of an eavesdropping threat is likely to result in a successful attack, if expedited, and confusion over the eventual impact of such an attack if successful. For example, consider the loss of a contract bid: was it simply bad luck, or did the eventual winner employ covert techniques, avoiding physical and cyber protection, to undermine the competition?
Even if an eavesdropping attack has been detected, either by chance or following a TSCM inspection, it is unlikely to be reported into the public domain. The duty of a business is to its shareholders. If knowledge of an eavesdropping attack might knock millions off the company’s share value, does that company release that knowledge into the public domain if it doesn’t have to? Professional TSCM consultants, quite rightly, will react to the discovery of evidence of an eavesdropping attack by supporting their client’s wishes regarding disclosure of the event, and will guide their client as to choices of response to the find. In almost all cases it will be to keep the knowledge to as few people as possible.
Hence there has been little real data available to convince the business community of the real risk to business and people from eavesdropping, and little public awareness of the presence of the threat. And with the tangible evidence not there, those holding the purse strings have been largely unwilling to release the funds necessary to meet the threat.
There are a number of related factors leading to an increased awareness of the threat. One significant factor is the clearer understanding of, and resulting diligently applied defensive measures against, the electronic and cyber threats to our digital information and communications. The application of encryption and other protective measures to computers and networks, together with a more mature and threat-aware user community, has made these routes progressively riskier and less productive for those seeking information for malicious purpose.
However, the drive to obtain advantage and profit through the acquisition of valuable information remains. Hence the eavesdropper is forced to seek alternative routes to acquire such assets, and the obvious focus is upon where the targeted information is necessarily free of the encryption and other electronic barriers that have been put in place to protect it: the points at which it needs to be said, heard or seen by a human being. Paper documents, screen displays, telephones, meetings and conferences are now the focus of attention of the eavesdropper, and not just in the workplace: those working from home or on the move in public transport and hotels can prove valuable targets, especially since there is likely to be less physical security to overcome and easier access to the proximity of the target and to associated communications and computers.
The emergence of knowledge
Another factor is the increased knowledge and availability, and enthusiastic development, of sophisticated technologies with high eavesdropping potential in the public domain. That which may previously have been in the world of secretive government agencies is now freely available for all, with a vast range of both hardware and software, pre-compiled, for enthusiasts to play with – and those with malicious intent will be fully involved in applying this technology to their purpose.
Neither has the high end of the technical eavesdropping market been slow to respond. In addition to the vast, low-priced market in basic eavesdropping devices, increasingly sophisticated hardware and software is being actively distributed from a number of sources, and the high prices attached to these products reflect the investment in development as well as the demand.
Business and the Security Sector are beginning to recognise the eavesdropping threat and the risk to their business and financial well-being, and this is evidenced by the rise in investment in countermeasures development, research and technology, and the mitigation of the risk.
The TSCMi is focussed upon ensuring its members are kept up to date and able to meet the increasingly complex range of technologies applied against our businesses and our privacy. Last month’s conference was an eye-opener to many and our members will be taking on board the emerging threats as they serve their clients. It’s a changing world, and we must be ready to meet the change.