My company wants me to explore in-house TSCM. What is your best advice?


TSCM has changed dramatically in the last 10-15 years. Yet, once in a while, I still hear from a client who wants to start an in-house electronic countermeasures department.

Seems a quaint notion today, but who can blame them? In-house efforts were once commonplace. In fact, we used to provide training, and specified instrumentation purchases, so my best advice remains unbiased.

Over these past decade or so the Technical Surveillance Countermeasures (TSCM) landscape changed.

Most organizations have phased out their in-house efforts. In-house TSCM is pretty much a dead issue now. There are several good reasons for this...

1. These are not your father's surveillance devices.
Eavesdropping and recording devices these days may be purchased in a wide variety of excellent covert disguises. A physical inspection by an amateur (even with training) will miss all but the most obvious surveillance items. Today, an in-house search is barely adequate even for a small company with a few spartan conference rooms. At a multinational corporate headquarters, who's executive floors are showplaces of technology, an in-house inspection is not just inadequate, it is negligent.


2. Human nature works against an in-house staff inspection.
Physical searching is work. It involves bending, stooping, looking under tables.

This is not to slight an otherwise excellent excellent security staff, but consider the reality...
- If you give someone more work, longer hours, they will want more money to do it. No money, no serious search.
- If you give someone the job of finding something they can't recognize even if they see it, they will start thinking "there is nothing to see, so why look."

You may get them to do it a few times, but it will fizzle out.


3. Unless a technician is active several days each week, the initial training will be forgotten.
Inspecting the same, limited environment is mind-numbing.

A few years ago, one of our clients called us in for "advanced" training. They had purchased equipment and initial training from a manufacturer 3-4 years prior. Turned out their spectrum analyzer was working at only 30% sensitivity... and they weren't aware they had a problem! "It always worked like this as far as I recall."


4. Executives are sensitive about their privacy.
On one hand executives want protection against electronic surveillance. On the other hand, they would be pleased if this could be accomplished without someone poking around their office... Especially, a lower-level, company employee who has a vested interest in, and understanding of, all the paperwork in their drawers.


5. Cost is no argument.
Cost-effectiveness of an in-house effort in the 21st Century is specious at best. Cost won't matter when you suffer a loss due to your ineffective in-house efforts. Every espionage loss is an expensive loss.

Spend the money. Buy real protection. It is cheap insurance.

Engaging a professional counterespionage consultant addresses all these issues and has additional benefits.

- Specialists know how to look, and what they are looking for.

- Their instrumentation is more current.

- Their searches are focused. They have no interest in company politics, and won't be there the next day to gossip with other employees. In fact, using an "out of town" firm further reduces the possibility of these complications.

- They are acclimated to being in executive offices, i.e. they don't play with the shelf toys, oggle the family pictures or make inappropriate comments about any apparent wealth.

- Most importantly, a professional team brings with them a wealth of field experience and knowledge that no part-time, in-house "tech" can possibly possess.

Putting it bluntly...
An in-house TSCM effort is a mental band-aid that doesn't adhere well. It can only make the security department look bad in the long run.

The in-house approach is no longer recommended.