Friday, October 10, 2008

Corporate TSCM - Bug Sweep Demand vs. Supply

The Australian Securities and Investments Commission (ASIC) released a request for tender (RFT) to source technical surveillance counter-measure (TSCM) services. ASIC hopes to find a company to sweep its offices and IT systems for spying devices, a task ASIC is mandated to do.

The problem with ASIC's RFT is that it wants the TSCM — a phrase coined by military describing scanning a site for spying devices — from a single company.

"For TSCM, which is the bug detection process, there are not enough qualified people in Australia with the right level of industry training or government experience to provide the service," Les Goldsmith, managing director of Australian counter-intelligence firm, ESD Australia told ZDNet.com.au.

Goldsmith said his company would not bid for the work due to the likely scale of it. However, he added, "I don't see for this contract they're going to find a single contractor that can do that scope of work."...

Goldsmith said that spying devices are found in around three out of every 10 inspections within Australia, with much higher rates in Asia, particularly in the government sector. (more)

Interesting statistic. Here in the US, the 35-year average I have seen (subjectively) is more like one in 20. (30% vs. 5%) This may be due to the already relatively high security posture of my client family. But, it doesn't matter. All it takes is one strategically located bug or wiretap to cripple a corporation.

More interesting, however, is the one-stop-shopping problem. The solution I had to develop about 10-years ago, due to client demand, can be seen here.

Note to ASIC: Don't let defeatist news reports fool you. I personally know of several quality TSCM providers in Australia who would pool their resources and offer you one-stop shopping, like I do. Please feel free to contact me if you need any help in getting this ball rolling.
Kevin