TSCM & Cyber TSCM – A Vital Part of Your Financial Institution’s Cyber Security Program
By J. D. LeaSure, President/CEO ComSec LLC
The cybersecurity programs of American businesses need to improve! Ask consumers and they’ll agree. With major data leaks by large retailers and financial institutions, most consumers have been impacted, either directly or indirectly. Regulators have noticed the frequency and severity of the breaches too, particularly their ultimate impact on our national security.
How can financial institutions improve their cybersecurity programs? Arm yourself with the knowledge you need to protect your organization, and implement an effective cybersecurity program. Helpful information follows:
Government & Regulatory Activity:
February 12, 2013: President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” The order calls for a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaborative development and implementation of risk-based standards.
February, 2014: The Department of Commerce’s National Institute of Standards and Technology (NIST) issued the “Framework for Improving Critical Infrastructure Cybersecurity”. The voluntary framework focuses on using business drivers to guide cybersecurity activities and calls on businesses to consider cybersecurity risks as part of the organization’s risk management processes.
Overview of NIST’s Framework:
The framework is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. The framework can be used as a complement to an organization’s existing cybersecurity process, or as a reference to establish a cybersecurity program if your organization has not already established one.
The Framework Core’s elements include the Identify, Protect, Detect, Respond, and Recover activities.
- Identify – Developing the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
- Protect – Developing and implementing the appropriate safeguards to ensure delivery of critical infrastructure services.
- Detect – Developing and implementing the appropriate activities to identify the occurrence of a cybersecurity event.
- Respond – Developing and implementing the appropriate activities to take action regarding a detected cybersecurity event.
- Recover – Developing and implementing the appropriate activities to maintain plans for resilience and restoring any capabilities or services that were impaired due to a cybersecurity event.
Cybersecurity & Cyber Attack Defined:
According to NIST’s Glossary of Key Information Security Terms, cyber security is defined as: “The ability to protect or defend the use of cyberspace from cyber attacks.” And, a cyber attack is defined as: “An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment / infrastructure; or destroying the integrity of the data or stealing controlled information.”
Cyber attacks come in many forms, including those that are beyond the traditional expectations of the IT department. And, cyber attackers don’t just use traditional modes of attack. Their aim is to penetrate your cybersecurity defenses by any means necessary to capture your very valuable data. The successful cyber attacker is crafty, determined and often not very predictable. That’s why a comprehensive cybersecurity program must include measures to defend and protect data in ways the cyber attacker would not expect your organization to be prepared for.
Importance of TSCM and Cyber TSCM:
Technical Surveillance Countermeasures (TSCM) is a systematic physical and electronic examination of a designated area by properly trained, qualified and equipped persons in an attempt to discover electronic eavesdropping devices, security hazards or security weaknesses. Cyber TSCM involves the same activity, but with a higher degree of expertise in discovering devices that are used to capture data and information traveling through cyberspace.
Use of technical surveillance devices to capture financial data is a routine occurrence. Take, for instance, a device that captures data over a mobile network. Or, a remotely activated GSM bug that funnels data from your network after hours. These types of devices cannot be detected by traditional IT protocols, yet they are credible threats to your cybersecurity infrastructure. TSCM and Cyber TSCM should be vital elements of your comprehensive cybersecurity program.
While NIST’s framework is voluntary at the moment, there is speculation that courts, regulators and consumers may hold businesses accountable for failure to comply with the framework. Failure to implement a thorough cybersecurity program can leave your financial institution vulnerable not only to attacks, but also position you on the losing side of a costly legal battle.
How can your financial institution reduce your risk? Be sure that your cybersecurity program includes TSCM and cyber TSCM! Don’t leave a gaping hole in your cybersecurity program by relying solely on IT security. Contact ComSec LLC to learn how our expert TSCM and Cyber TSCM services can help your financial institution better protect your valuable data.
J.D. LeaSure, CCISM, is the President/CEO of COMSEC LLC, a premier provider of Cyber TSCM, TSCM and Counterespionage Advisory Services to corporations, government and high-profile individuals worldwide. Visit https://comsecllc.com for more information.
© 2014 ComSec LLC. All rights reserved
*Cyber TSCM ™ is a trade mark of ComSec LLC