Technical surveillance counter-measures

TSCM (technical surveillance counter-measures) is the original United States Federal government abbreviation denoting the process of bug-sweeping or electronic countersurveillance. It is related to ELINT, SIGINT and electronic countermeasures (ECM).

The United States Department of Defense defines a TSCM survey as a service provided by qualified personnel to detect the presence of technical surveillance devices and hazards and to identify technical security weaknesses that could aid in the conduct of a technical penetration of the surveyed facility. A TSCM survey will provide a professional evaluation of the facility's technical security posture and normally will consist of a thorough visual, electronic, and physical examination in and about the surveyed facility.

This definition is however lacking some of the technical scope involved. COMSEC (communications security), ITSEC (information technology security) and physical security are also a major part of the work in the modern environment. The advent of multimedia devices and remote control technologies allow huge scope for removal of massive amounts of data in very secure environments by the staff employed within, with or without their knowledge.

Radio frequencies
Most bugs transmit information, whether data, video, or voice, through the air by using radio waves. The standard counter-measure for bugs of this nature is to search for such an attack with a radio frequency (RF) receiver. Lab and even field-quality receivers are very expensive and a good, working knowledge of RF theory is needed to operate the equipment effectively. Counter-measures like burst transmission and spread spectrum make detection more difficult.

Devices that do not emit radio waves
Instead of transmitting conversations, bugs may record them. Bugs that do not emit radio waves are very difficult to detect, though there are a number of options for detecting such bugs.

Very sensitive equipment could be used to look for magnetic fields, or for the characteristic electrical noise emitted by the computerized technology in digital tape recorders; however, if the place being monitored has many computers, photocopiers, or other pieces of electrical equipment installed, it may become very difficult. Items such as audio recorders can be very difficult to detect using electronic equipment. Most of these items will be discovered through a physical search.

Another method is using very sensitive thermal cameras to detect residual heat of a bug, or power supply, that may be concealed in a wall or ceiling. The device is found by locating a hot spot the device generates that can be detected by the thermal camera.

Technology used
Technology most commonly used for a bug sweep includes but is not limited to:
 * Multimeters for general measurements of power supplies and device components.
 * Time-domain reflectometer (TDR) for testing the integrity of copper telephone lines and other communication cables.
 * Frequency scanner with a range of antennas and filters for checking the electromagnetic spectrum for signals that should not be there.
 * Oscilloscope for visualisation of signals.
 * Spectrum analyzer and vector signal analyzer for more advanced analysis of threatening and non threatening RF signals.
 * Nonlinear junction detector (NLJD) for detection of components associated with hidden eavesdropping devices.
 * Portable x-ray machine for checking the inside of objects and walls.
 * Computer security devices and tools for computer-related threats.
 * Tools for manual disassembling of objects and walls in order to visually check their content. This is the most important, most laborious, least glamorous and hence most neglected part of a check.
 * Thermal imaging helps find hot spots and areas higher in temperature than the ambient area temperature. Finds heat generated from active electronic components.
 * Flashlight one of the most important tools to have beside a ladder for providing a competent sweep.