GOVERNMENT SOLUTIONS

Continuous Technical Surveillance Countermeasures (TSCM)

Stay ahead of sophisticated surveillance, eavesdropping, and data exfiltration attempts with an ever-evolving approach to TSCM on Bastille.

Technical surveillance countermeasures (TSCM) help keep government facilities and sensitive areas safe from data exfiltration and espionage attempts. Today, increasingly hard-to-detect wireless threats call for a new, supplemental approach—continuous TSCM on a unified platform for wireless airspace defense.

What are continuous technical surveillance countermeasures (TSCM)?

Technical Surveillance Countermeasures (TSCM) have been used for decades to protect sensitive information from electronic surveillance devices like hidden cameras, audio bugs, or GPS trackers. Alongside physical inspections, thermal imaging, wire tracing, and other traditional countermeasures, wireless threat detection solutions play a key role by using radio frequency (RF) detection to find surveillance devices that would otherwise go unnoticed.

Today, wireless surveillance and data exfiltration tactics are too sophisticated to be caught in a single sweep. Continuous TSCM ensures secure government, corporate, and temporary spaces like hotels and event venues are kept that way, monitoring for wireless devices and networks 24/7 and alerting security teams the moment a potential threat is detected.

The problem with traditional TSCM

There are many ways for bad actors to exfiltrate information from an organization. For example, covert transmitters can create voice or data channels that are difficult to detect. These devices commonly use wireless protocols at unmonitored frequencies. For data exfiltration, cellular protocols are the most prevalent example of an “out-of-band” network that can move large amounts of data. Organizations are finding it harder and harder to monitor the entire radio frequency spectrum of protocols and bands for anomalous and/or high-volume exfiltration signatures.

Surveillance devices are becoming cheaper and easier to access. Countless inexpensive bugs, pwn plugs, and listening devices can be purchased over the counter and over the Internet. They can be installed, have their own computers, and have their own prepaid cellular backhaul chips.

These devices do not send their data over the wire, through security teams’ normal monitoring systems. Instead, they backhaul the data through unmonitored protocols.

Typically, when an organization needs to conduct a bug sweep, it hires an outside firm to do a one-time, point-in-time sweep that is rendered obsolete once the firm leaves. This is not only costly and time-consuming, but also very disruptive. Unfortunately, most corporations only use bug sweeps once per quarter, or in close proximity to a ‘sensitive moment or event’, leaving themselves susceptible to attack.

What does a continuous TSCM solution do?

A Continuous TSCM security solution should provide several key capabilities.

First, it must provide visibility into all of the wireless networks, traffic, and devices operating in your environment rather than only alert you to threats. This helps your organization understand when an anomaly occurs, enforce device policies, and stay compliant with cybersecurity standards like NIST.

Second, these solutions should inform you of the attack surface for each of these devices and offer best practices for minimizing it. This provides a comprehensive view of threats that could occur, not just those that already have.

Third, a continuous TSCM solution should alert your teams instantly to active wireless attacks via your existing SIEM systems, providing guidance on how best to mitigate an attack in action.

Finally, for a TSCM solution to be effective in today’s threat landscape, it must operate continuously—24/7 to catch out-of-hours transmission of data.

MORE SPECIFICALLY, A CONTINUOUS TSCM SOLUTION SHOULD:

  • Detect all devices operating in the wireless spectrum, including but not limited to Wi-Fi, cellular, Bluetooth, and the hundreds of other protocols in the Internet of Things (IoT)
  • Detect current and future protocols without requiring hardware upgrades
  • Detect known and unknown emitters by observing energy patterns
  • Provide awareness of any wireless threats including active attacks and rogue networks
  • Detect data exfiltration via wireless devices
  • Detect vulnerable devices being installed
  • Detect anomalous wireless activity originating from the campus
  • Alert on a wireless attack surface introduced by the installation of new equipment
  • Detect rogue cell towers which can send signals into your facility

Technical surveillance countermeasures on the Bastille platform

Bastille’s patented sensing technology and AI device classification and location models integrate TSCM into a single wireless airspace defense platform. In addition to physical security sweeps and other standard practices, our 100% passive sensors detect threats continuously and discreetly.

Eavesdropping devices

Wireless listening devices that covertly capture audio.

Surveillance tools

Hidden cameras or microphones, tracking devices like AirTags and Tiles, and keyloggers.

Compromised cell phones

Cellular devices that carry spyware or are capable of exfiltrating data, voice, and video.

Bluetooth threats

Bluetooth and Bluetooth Low-Energy (BLE) devices.

Data exfiltration devices

Data exfiltration tools like the O.MG Cable, Ninja Cable, Rubber Ducky, and Charger Bug.

Covert wearables

Hidden cameras or consumer products like the Ray-Ban Meta Wayfarer glasses.

Vulnerable wireless building and industrial controls

Alarm systems, motion detectors, and unconfigured controls with “Radio Ready” Consoles.

Malicious OT/ICS devices

Industrial Control System jammers, blockers, and signal-interfering devices.

Wi-Fi-based threats

Rogue Wi-Fi hotspots and access points and nefarious devices like Wi-Fi pineapples.

Continuous TSCM: a key function of wireless airspace defense

Detecting wireless surveillance and data exfiltration attempts is a critical part of your cybersecurity strategy, but today’s wireless threats extend beyond this category. Bastille’s wireless airspace defense platform enables continuous technical surveillance countermeasures alongside a broader set of wireless analytics and risk detection, maintaining an audit-ready inventory of every wireless network and device that may pose a threat to your organization.

Technical Surveillance Countermeasures (TSCM)

Detect and neutralize covert surveillance tools, like bugs and wireless eavesdropping devices.

Wireless Intrusion Detection (WIDS)

Detect and locate cell phones and all unauthorized wireless devices as they are trying to access or operate within a classified location.

In-Place Monitoring System (IPMS)

Engage in continuous, passive monitoring of a specific area for wireless signals and threats.