UPCOMING REPORT: The Need for Wireless Airspace Defense
Get early access
UPCOMING REPORT: The Need for Wireless Airspace Defense
Get early access
Safeguarding Classified National Security (CNSI) from the Threats Posed by Personal or Portable Electronic Devices Within SCIFs and SAPFs
Read moreStay ahead of sophisticated surveillance, eavesdropping, and data exfiltration attempts with an ever-evolving approach to TSCM on Bastille.
Technical surveillance countermeasures (TSCM) help keep government facilities and sensitive areas safe from data exfiltration and espionage attempts. Today, increasingly hard-to-detect wireless threats call for a new, supplemental approach—continuous TSCM on a unified platform for wireless airspace defense.
Technical Surveillance Countermeasures (TSCM) have been used for decades to protect sensitive information from electronic surveillance devices like hidden cameras, audio bugs, or GPS trackers. Alongside physical inspections, thermal imaging, wire tracing, and other traditional countermeasures, wireless threat detection solutions play a key role by using radio frequency (RF) detection to find surveillance devices that would otherwise go unnoticed.
Today, wireless surveillance and data exfiltration tactics are too sophisticated to be caught in a single sweep. Continuous TSCM ensures secure government, corporate, and temporary spaces like hotels and event venues are kept that way, monitoring for wireless devices and networks 24/7 and alerting security teams the moment a potential threat is detected.
There are many ways for bad actors to exfiltrate information from an organization. For example, covert transmitters can create voice or data channels that are difficult to detect. These devices commonly use wireless protocols at unmonitored frequencies. For data exfiltration, cellular protocols are the most prevalent example of an “out-of-band” network that can move large amounts of data. Organizations are finding it harder and harder to monitor the entire radio frequency spectrum of protocols and bands for anomalous and/or high volume exfiltration signatures.
Surveillance devices are becoming cheaper and easier to access. There are countless numbers of inexpensive bugs, pwn plugs, and listening devices that can be purchased over the counter and over the Internet. They can be installed, have their own computers, and have their own cellular backhaul prepaid chips.
These devices are not going over the wire, through normal security teams’ monitoring systems. Instead, the devices backhaul the data through unmonitored protocols.
Typically, when an organization needs to conduct a bug-sweep, they hire an outside firm to do a one-time, point-in-time sweep that is rendered obsolete once the firm leaves. This is not only costly and time consuming, but also very disruptive. Unfortunately, most corporations only use bug-sweeps once per quarter, or in close proximity to a ‘sensitive moment or event’, leaving themselves susceptible to attack.
A Continuous TSCM security solution should provide several key capabilities.
First, it must provide visibility into all of the wireless networks, traffic, and devices operating in your environment rather than only alert you of threats. This helps your organization understand when an anomaly occurs, enforce device policies, and stay compliant with cybersecurity standards like NIST.
Second, these solutions should inform you of the attack surface for each of these devices and offer best practices for minimizing it. This provides a comprehensive view of threats that could occur, not just those that already have.
Third, a continuous TSCM solution should alert your teams instantly on active wireless attacks via your existing SIEM systems, providing guidance on how to best mitigate an attack in action.
Finally, for a TSCM solution to be effective in today’s threat landscape, it must operate continuously—24/7 to catch out-of-hours transmission of data.
MORE SPECIFICALLY, A CONTINUOUS TSCM SOLUTIONS SHOULD:
Bastille’s patented sensing technology and AI device classification and location models integrate TSCM into a single wireless airspace defense platform. In addition to physical security sweeps and other standard practices, our 100% passive sensors detect threats continuously and discreetly.
Wireless listening devices that covertly capture audio.
Hidden cameras or microphones, tracking devices like Airtags and Tiles, and keyloggers.
Cellular devices with spyware or that are capable of exfiltrating data, voice, and video.
Bluetooth and Bluetooth Low-Energy (BLE) devices.
Data exfiltration tools like the O.MG Cable, Ninja Cable, Rubber Ducky, and Charger Bug.
Hidden cameras or consumer products like the Ray-Ban Meta Wayfarer glasses.
Alarm systems, motion detectors, and unconfigured controls with “Radio Ready” Consoles.
Industrial Control System jammers, blockers, and signal-interfering devices.
Rogue Wi-Fi hotspots and access points and nefarious devices like Wi-Fi pineapples.
Detecting wireless surveillance and data exfiltration attempts is a critical part of your cybersecurity strategy, but today’s wireless threats extend beyond this category. Bastille’s wireless airspace defense platform enables continuous technical surveillance countermeasures alongside a broader set of wireless analytics and risk detection, maintaining an audit-ready inventory of every wireless network and device that may pose a threat to your organization.
Detect and neutralize covert surveillance tools, like bugs and wireless eavesdropping devices.
Detect and locate cell phones and all unauthorized wireless devices as they are trying to access or operate within a classified location.
Engage in continuous, passive monitoring of a specific area for wireless signals and threats.
