Fortis’ TSCM Inspection (TSCMI) teams specialise in servicing clients who wish to safeguard and protect their privacy and / or intellectual property. Typically, this applies to size-able corporations, boardrooms, banks and high net worth individuals with valuable assets and invaluable information. However this service is available for anyone who wishes to safeguard their privacy.
Fortis provides an executive level of assurance for our clients, suited to any environment on the planet, providing you with sky-high protection.
Technical Surveillance Counter Measures
TECHNICAL SURVEILLANCE COUNTER MEASURES
Fortis provides a professional service with over 20 years of experience in sweep operations and information protection, and we equip our team with the finest specialist equipment, augmented by leading edge tools.
Bugs are now much smaller, more technologically advanced and more prevalent than ever. Modern eavesdropping devices are easily capable of fully capturing conversations, video footage and/or data remotely, and can even be activated via silent drones. This can leave businesses and individuals extremely exposed and vulnerable to being covertly monitored, and the victims of technical surveillance.
Eavesdropping can be achieved via a plethora of methods: the establishment of radio frequency (RF) audio microphone transmitters (aka ‘bugs’), the established technique of wire-tapping, IT network cables, telephones, “drop-in” recording boxes to electricity lines (AC & DC) and out of area laser microphones etc. This is also true for wireless communication types, such as mobile phones, and more frequently Internet WiFi & bluetooth.
COMPLETE COVERAGE CAPABILITY
The Fortis TSCMI team manages a detailed inventory of the latest technical equipment for use by the trained and experienced inspectors.
Whilst not an exhaustive list, this includes:
Purpose built spectrum processors, 2G, UMTS, 3G, LTE & 4G, detection, identification & location finding of cellular systems, telephone and line analyzer with built in Frequency Domain Reflectometers, RF, infrared, visible light & carrier current receivers, non-linear junction detectors, stimulated microphone detection systems, cable testers, UV and forensic lighting systems, covert camera detectors including wireless camera’s, WiFi sensors and thermal imaging systems.
The Fortis Approach:
Effective TSCM based defence is not a single product or a short-term response; it is a constantly adapting process, in the face of the rapid evolution of technical surveillance and information attacks. Fortis partner our clients through every aspect of this journey, building long term relationships based on trust, value and assured results.
After the scoping phase, the Fortis TSCMI team will deploy to customer locations worldwide, wherever our client’s electronic privacy is required and data is to be protected from the omnipresent threat of eavesdroppers.
The TSCMI team inspectors will work on the client site with minimal supervision and noise so as not to alert nefarious monitoring teams, and so not to disturb the established work environment which our client enjoys.
At Fortis, the TSCM inspection team is drafted from world-class and prestigious security and intelligence organisations and have experience of, and insight into, a vast myriad of complex surveillance issues. The TSCM inspection team fully understand and comprehend how businesses operate and the nature of the latest risks posed by any threat: from insiders, to a criminal network or a state sponsored attack.
The Fortis TSCM team comprises a founding member of the Technical Surveillance Counter Measures Institute (TSCMi), the premier authority on the subject.
Alongside this outstanding understanding of the TSCM space, our inspectors also keenly engage with the growing physical and electrical security community, being present at specialist TSCM conferences and actively leading the thinking within the TSCMi.
To ensure we adapt in the wake of new threats, our inspectors attend many tradeshows to identify what new threat has emerged to plague the marketplace, alongside their individual study and research. For every surveillance evolution, our team are observing how the TSCM operators and technology evolve, as we watch and learn from the leading figures on information security, to maintain the integrity of the Fortis TSCM inspections.
Through this investment, Fortis forms a bridge between the latest thinking and capabilities in the military, the intelligence community and the commercial world. This ensures our clients receive the right advice, comprehensive support, and access to innovative, state-of-the-art capabilities unseen prior in both private and public sector Enterprise domains.
FORTIS TSCM METHODOLOGY
The Fortis TSCM team leader is a founding member of the TSCM Institute, alongside our vast experience we have engaged with both industry peers and clients over many years. With this outstanding pedigree, Fortis has engineered a methodology which is both effective to counter-measures and efficient to the business or personal needs of the client. After the initial engagement with the customer to identify areas of concern the engagement moves on to the actual sweep itself.
A comprehensive and detailed radio spectrum search. This detects active radios such as GSM, video transmitters, WiFi and general RF.
An electronically enhanced search employing non-linear junction detectors. This ensures eavesdropping devices are located when they are in both an active and passive state.
Thermal imaging search with forensic light equipment. Inspects the structure of office furniture for integrated surveillance devices.
Searching for the presence of computer input devices in the absence of physical electrical eavesdropping devices, preventing the threat of man-in-the-middle attacks (aka an inside threat).
Physical and electronic structural inspection of telecommunications systems, their distribution points and sockets. This includes frame rooms and the main telephone intake room, which are key targets that enable attackers to scale the surveillance footprint and avoid simple counter surveillance measures.
Confirm clear all cable runs using a time-domain reflectometer and BT approved test equipment. Deploying discreet and auditable tamper evidence labels.
Reporting and debrief. A detailed technical threat assessment report that includes the results of both the technical and physical inspection, complete with our qualifies recommendations to improve your security posture, is delivered and presented back to the client, ensuring future security upon completion of the job.
Fortis’ clients are government agencies, NGOs, banks and financial institutions, major corporations and mid-tier small to medium enterprises. The Fortis TSCM professionals also advise individual private clients and families.
Delivering TSCM inspections of enterprise offices, exhibition spaces, hotels, vehicles, airplanes and superyachts.
FORTIS TSCM CLIENTS
OTHER FORTIS ISRM OFFERINGS
Fortis has built a suite of Information Security and Risk Management Services (ISRM) to allow organisations of any size or industry stay in control of their cyber security. By being able to identify security risks and detect vulnerabilities, companies are armed with the knowledge to more easily protect themselves, meet and respond to ongoing and changing cyber threats.
“Taking the vantage point of an attacker and attempting to gain access”
Fortis’ Penetration Testing services enable clients to identify, assess and prioritise vulnerabilities and security flaws across their applications & API’s, platforms and infrastructure.
Penetration testing will help to identify security vulnerabilities which might otherwise leave your company open to compromise. Fortis has a proven track record in finding such vulnerabilities in some of the most complex, and sophisticated IT environments. The majority of the testers Fortis employ work on red teaming engagements as well as penetration testing. This ensures clients receive the highest level of quality, with testers often recognising scenarios that a normal penetration tester wouldn’t have the experience to detect.
The Fortis penetration testing and red teaming group are extremely well certified, holding multiple certifications awarded by bodies such as CREST, Offensive Security and the Tiger Scheme. Fortis also complements this focused knowledge with its National Cyber Security Centre (NCSC) CHECK & Certified Cyber Professionals to provide a valuable wider viewpoint to penetration testing assurance.
“Where is your security risk in the context of business operations”
There is a new style of information security risk assessment which now includes socio-technical elements. This recognises and measures the interaction between people and technology in workplaces. Traditionally risk assessments haven’t included the people working on tech, which is a blind spot for any organisation not assessing the socio-technical component.
In order to effectively target security activities, it is important to understand the holistic risks to businesses. A cyber maturity model should include a modern risk assessment, called a cyber vulnerability risk assessment (CVRA). This offers an enterprise-wide risk assessment of the cyber security posture and awareness of your organisation and highlights key risk areas.
“Win and retain business, stand out from competitors”
The breadth of Fortis service portfolio enables it to offer a variety of risk management & consultancy support solutions:
from a simple one-off gap analysis against a specific standard such as ISO/IEC 27001 or NIST’s Cybersecurity Framework, through to complex multi standard integrated management systems projects.
Fortis prides itself in achieving a 100% success rate with its clients achieving UKAS Accredited Certification to ISO 27001, 9001, 14001 and many other management systems standards ‘first time, every time’.
Fortis will continue to work with your organisation beyond certification to support it with the ongoing maintenance of system. Fortis can do this by providing an innovative and pragmatic risk-based approach across the organisation, helping maintain legal obligations, drive down cost and increase profit.
“Identify what really happened”
Fortis offer a complete, digital forensic investigations package to establish and identify the cause and source of cyber incidents. These events are instigated by internal or external threat actors. These services are carried out by experienced and certified investigators who will utilise versatile and powerful software and technology solutions to undertake digital forensic investigations & data restoration services.