The quest for illicit intelligence is a never-ending threat, from criminals trying to obtain information for financial gain to sophisticated state-sponsored adversaries looking for political and military gains. While we do not always know what kind of threats are around us, a robust security policy encompassing physical security, cyber security and protection from electronic surveillance is needed to ensure secrets remain secret. The security of your building, your Sensitive Compartmented Information Facility (SCIF), your private conversations, your plans and secrets can all be compromised by surveillance devices, from small, inexpensive GSM/UMTS bugs to bespoke devices created by state actors.
Devices can be difficult to locate
Modern surveillance technologies are highly discreet, highly capable and very difficult to locate. Even the smallest device can pack a considerable amount of technology. These devices can be integrated into USB cables, light bulbs or any number of other common objects. When not in use, such a device can lie dormant. If connected to a mobile network, it may only need to “shake hands” momentarily once every 8 hours (network defined); at other times it remains RF invisible.
Without good OPSEC (Operational Security), undetected RF surveillance and data transmissions can allow an adversary to:
- Conduct ISR operations against the organization
- Collect and disclose classified information
- Hijack critical C2 signals that can cause loss of finances, assets, or even life
- Obtain money and financial data
- Compromise law enforcement and intelligence agency operations
The way to counter technical surveillance is to adopt a multi-layered approach to security.
The foundation of this needs to be vigorous physical security. Everything from security guards and access controls to the layout and construction of the building is important in preventing surveillance from taking place. The next level would be using a sweep team.
The traditional approach to detecting electronic surveillance devices is to use a hand-held bug sweeping tool. This tool is moved through a room to scan for the presence of a bug. These tools can be highly effective; however, bugs are often able to evade these sweeps by transmitting only in short, infrequent bursts or by frequency hopping, because their transmissions are “hidden” close to a high-power signal, or simply because the bug has been placed after a sweep has been conducted. Sweeps are also time consuming and extremely disruptive, so much so that many organizations only carry them out periodically. Technical Surveillance Countermeasures (TSCM) sweeps are an intrinsic element of technical security, and support both WIDS and IPMS strategies.
Wireless Intrusion Detection Systems (WIDS)
WIDS are cellphone, Wi-Fi, and Bluetooth monitoring systems. They can detect and identify the presence, and sometimes the location, of a device such as a cellphone or a bug transmitting on the cellphone network. They are great for enforcing a no cellphone policy or black/whitelisting certain devices in the facility. While WIDS certainly have a valuable role to play in TSCM, they often operate within a limited frequency range, typically up to 6GHz. To provide complete assurance against RF surveillance, there is a need for continuous, wideband TSCM in the form of an In-Place Monitoring System. This is where the RFeye Guard system comes in.
In-Place Monitoring System (IPMS)
RFeye Guard is a continuous TSCM In-Place Monitoring System (IPMS). It continuously monitors the RF environment 24 hours a day, 365 days a year to instantly detect suspect signals, up to 40GHz, in real time. Even if a device transmits at 2am for less than a second, RFeye Guard will be able to detect it.
Fast sweep speeds and exceptionally low noise figures allow the RFeye sensors to detect even the lowest-power and shortest-duration signals. These intelligent sensors, combined with the Guard software suite, operate autonomously. When a signal is detected, the RFeye Guard system can provide a real-time alert and location to a security guard.
Secure facilities & SCIFs
When matters of state and national security are being discussed, secrets need to remain secret. Often, these discussions will take place in a Sensitive Compartmented Information Facility (SCIF). A SCIF is an enclosed area (could be a room or an entire building) that is designed to protect occupants from surveillance. They are acoustically and electronically shielded and often guarded. Electronic devices such as phones or laptops are not permitted in these areas and have to be left outside.
Why In-Place Monitoring?
If a phone or surveillance device were taken into a SCIF, by accident or maliciously, a previous TSCM sweep wouldn’t be effective. Security breaches need to be picked up the instant they happen, not hours or days later. An in-place monitoring system like RFeye Guard would be able to detect any device transmitting inside the SCIF the instant it happened, regardless of whether the device was brought in before or during the meeting. With RFeye Guard the security team can be immediately alerted, and the exact room in which the security breach occurred pinpointed. The meeting could be stopped before conversations are potentially compromised.
Embassies and diplomatic buildings
In a world of constantly shifting social and political landscapes, it is important that nations have safe spaces to discuss ongoing events and policy both at home and outside home borders. Safe spaces must exist without fear of bugging, interception or eavesdropping technologies. These secure spaces exist within government buildings as well as embassies and other diplomatic buildings such as diplomatic residences. These environments need a solution to ensure those spaces are continually free from transmitting devices and assure absolute freedom to discuss ongoing policy, strategy or intelligence.
Why In-Place Monitoring?
These buildings need to have complete assurance against eavesdropping and other cyber and electromagnetic threats. An occasional TSCM sweep does not usually provide the peace of mind required, since it is easy for devices to be switched off or moved during a sweep and reactivated ahead of an important meeting. Hostile actors are then able to gain information to be used in a manner detrimental to the nation’s security or prosperity. In such a scenario the device may be long gone before the data breach is recognized, leaving investigators unable to identify the source or prevent further breaches. Either way, the damage has already been done.
RFeye Guard will autonomously monitor secure government buildings 24/7. This means a surveillance device planted immediately before a sensitive meeting will immediately generate an alarm with a location. Not only does this allow the meeting to be secured, but cross-referencing of RFeye Guard location data with CCTV or other data sources will often allow the responsible person to be identified.
The state-of-the-art software and RF specifications of RFeye Guard mean that even sophisticated devices using advanced transmission techniques designed to evade detection can be identified and located.
Critical National Infrastructure (CNI)
Infrastructure related to energy, transport, communications and public health is essential to a nation’s safety, prosperity and well-being, and this has increasingly made it a target for both physical and cyber attacks. Critical Infrastructure Protection (CIP) measures are vital to key assets such as nuclear reactors, water treatment plants and dams.
Protection from electromagnetic threats needs to fit seamlessly into the infrastructure environment alongside physical and cyber measures to ensure that operation is both smooth and secure.
Why In-Place Monitoring?
The essential services provided by national infrastructure such as power plants, chemical facilities and drug manufacturing facilities need an extremely high level of security. Cyber and electromagnetic intrusion into such a facility can be one of the easiest ways to cause massive economic damage or even large-scale loss of life.
With a covert device providing remote access to the network infrastructure of a drug manufacturing facility, the industrial automation systems can be controlled to dangerously alter dosages. A data exfiltration attack on a nuclear power plant can be used to find out when nuclear materials are due to be moved and the security protocols in place. By definition, any attack on Critical National Infrastructure is likely to be disastrous.
RFeye Guard is a key component of protection for the Cyber and Electromagnetic environment in and around these facilities. The system will monitor the RF spectrum in real time, allowing potential threats to be located, removed and investigated.
However, these kinds of attacks designed to do immediate damage are not the only threats that CNI facilities face. RFeye Guard can also be used to prevent the use of eavesdropping devices related to industrial espionage as well as accidental RF interference to industrial automation systems.
Data center operators trade in trust. The ability to maintain services and assure data continuity alongside security is essential. Owner-operated data centers need to deliver the same level of service and also consider security as a primary function. Internal data services are more likely to be used for IP or business-critical data and processing. Reliance on centralized infrastructure is growing as cloud services and virtual desktops become the default computing medium, making security and continuity increasingly dependent on data center resilience.
Why In-Place Monitoring?
Security breaches in data centers can have a massive and far-reaching impact on data security and service provision. For this reason, data centers can have some of the strongest physical and cyber security measures in the world.
One of the easiest ways to prevent security breaches or even accidents, such as staff tripping over and pulling out a cable, is to restrict human access to the bare minimum. This usually means invasive TSCM sweeps are not an option. A system like RFeye Guard can be installed in a data center and left to operate autonomously, reporting back unusual RF activity to a remote security guard. Unusual RF activity may just be a malfunctioning component or could be a suspect transmission used for data exfiltration. Either way, a signal location can be provided, allowing further investigation.
The real-time autonomous monitoring of RFeye Guard provides an extra layer of security without introducing any new risk related to human access to the facility.