The Technical Security Branch (TSB) of PDTG has over thirty (30+) years of experience in conducting TSCM related assignments around the globe. Through our experience, plus our extensive technical security research, the TSB has created a two (2) step process to identify and classify the various threat levels that our clients might face.
Note: It is extremely important to correctly identify the threat level in a timely manner either before or early in the TSCM assignment so that the correct equipment resources and personnel can be utilized at the correct time.
Our experience indicates that many of our clients already have had a feeling that private and confidential correspondence, conversations, communications and other forms of information are not as private as they would have expected them to be or they have suspicions that they may be the victim of covert electronic or other forms of surveillance. Without hard evidence, some compromised companies or individuals hesitate too long before contacting a reputable TSCM company. At this point the damage has been done and often the eavesdropper is long gone and little can be done to identify the true extent of the loss of critical business or personal information.
Step 1
First, to the best of your ability, assess if the threat of compromise is internal or external in nature.
Internal Threats
Internal threats can be electronic or non-electronic in nature and involve individuals, either employees or those somehow aligned with a targeted organization. All these individuals must be identified and assessed, including management personnel; cleaning staff; temporary administrative employees; disgruntled personnel (known or unknown); internal individuals involved in labour organizations or employees that may have issues relating to past, current, or future labor unrest; and all other individuals that work directly for or have regular unescorted access to the target facility.
External Threats
External threats can be electronic or non-electronic in nature and involves individuals who, by their very nature, are out to steal information, sabotage operations, or gain an unfair competitive advantage. In general, although not exclusively, these actors encompass business competitors, industrial spies and foreign governments, even those countries considered to be allies.
Caution and due diligence must be exercised to assess and verify all potential onsite individuals who may appear to be something that they are not including those who masquerade as contract personnel such as site security guards, service and maintenance staff, office equipment service personnel, telephone company installers, public utilities, etc.; repair crews; or government agencies (regulatory and other inspectors).
External threats also include electronic violations perpetrated by individuals offsite. These may go undetected if there are inadequate surveillance and security measures.
These external threats may sound like something that would only happen in fiction but our experience has proven that such skullduggery is only too real.
Step 2
Once the actual or probable internal or external threat level has been identified with reasonable certainty, the next step is for the TSB to analyze these threats in order to recommend an appropriate TSCM sweep plan in consultation with the client. Our expertise enables us to identify quickly the minimum equipment resources, personnel qualification and experience required, as well as the methods and techniques necessary for each specific sweep assignment or TSCM program. This knowledge is embodied in our unique five (5) level sweep service as outlined below. These levels directly correlate to the type and importance of information.
Threat Level I typically includes the protection of classified, protected and restricted information relating to such issues such as national security, government, military, embassy, and law enforcement related functions. There is also some cross over with corporate client’s engaged in certain sectors.
Threat Level II typically includes protected and proprietary information, relating to corporate (and other business environments), research and development, corporate security, travel planning, protective operations, and a variety of industrial, manufacturing and commercial related business functions.
Threat Level III typically includes confidential and sensitive information, relating to high profile sales and marketing, lawyers, media monitoring, disgruntled employees and internal matters and issues surrounding labor unions and their activities.
Threat Level IV typically includes confidential and private information, relating to cases involving criminal harassment and stalking scenarios, invasion of privacy issues, and investigative monitoring conducted by some private investigators and other interested parties.
Threat Level V typically includes private and personal information, generally involving or relating to domestic disputes and situations, targeted radio scanning and monitoring of cordless telephones, and other electronically assisted surveillance activities.