CRFS blog

In-building enterprise RF monitoring

Written by Dean Bubley | Jul 26, 2024 9:14:28 AM

Some companies get boardrooms or other sensitive areas periodically “swept” for bugs or other surveillance devices, often using external specialists. The word evokes the physical “sweeping” of walls or objects for radio emissions from old-school “bugs”, typically using a handheld detector.  

For the most part, the objective is to uncover audio surveillance systems, as a counterpart to the cybersecurity measures that protect against online data exploits.

Modern counter-surveillance technology is evolving to counteract more sophisticated and hard-to-detect bugs, including ones that use short-burst transmissions or hide their signals within or next to legitimate wireless systems. Such efforts are often described as TSCM (Technical Surveillance Countermeasures).  

Separately, many companies also use basic portable spectrum analyzers to plan and design Wi-Fi networks or, more recently, private 4G/5G installations. They can also detect sources of interference or rogue access points installed by bad actors. Security capabilities are also baked into some enterprise Wi-Fi systems for continual monitoring. These can also detect specific protocols or other signs that can signify wireless-related threats but generally only cover specific unlicensed bands. 

However, these areas are just the starting points for future spectrum monitoring. Many other wireless security and surveillance risks apply inside enterprise premises, especially those operating in the technology sector or other industries with deeply confidential information and valuable R&D, such as biotech or advanced engineering. 

There are three angles to consider here: 

  • The need for ongoing RF monitoring rather than periodic sweeps
  • Going beyond monitoring for voice surveillance to cover other threats
  • Examining the possible inter-dependencies between TSCM and network security 

The need for ongoing RF monitoring 

Occasional TSCM sweeps are becoming insufficient for detecting modern wireless-related issues. Surveillance devices can use frequency-hopping or compress data into short bursts. Some may “hide” their signals in the noise floor or in / adjacent to other legitimate transmissions.  

This means there may be a need for more sophisticated and permanent in-building RF sensing systems. These are essentially scaled-down versions of the wide-area monitoring platforms already used by the military, regulatory authorities, and other government-related organizations.   

These are sometimes called IPMS (In-Place Monitoring Systems). Typically, these cover specific frequencies used for Wi-Fi or public mobile networks and span a huge range from 100Hz to tens of GHz. 

IPMS can provide what is essentially a digital twin of the in-building spectrum landscape – and, in particular, help track and analyze any anomalies compared to the normal baseline situation.  

As discussed below, this task will get harder over time as more legitimate wireless systems and frequency bands will be used, against which espionage-related signals will need to be identified.   
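The baseline comparison described above can be sketched as follows. This is an added example, not CRFS code or part of the original article; the function names, the thresholds `k` and `floor_db`, and the sweep data (lists of dBm readings per frequency bin) are constructed assumptions.

```python
import statistics

def build_baseline(history):
    """Per-bin median and MAD (robust spread) over historical sweeps in dBm."""
    bins = list(zip(*history))
    med = [statistics.median(b) for b in bins]
    mad = [statistics.median(abs(x - m) for x in b) for b, m in zip(bins, med)]
    return med, mad

def find_anomalies(baseline, window, start_hz, bin_hz, k=5.0, floor_db=6.0):
    """Return (f_lo_hz, f_hi_hz, max_excess_db) per run of adjacent anomalous bins."""
    med, mad = baseline
    # Max-hold: keep the strongest reading per bin so a burst seen in a single
    # sweep is not diluted by the quiet sweeps around it.
    peak = [max(b) for b in zip(*window)]
    runs, current = [], None
    for i, (p, m, d) in enumerate(zip(peak, med, mad)):
        excess = p - m  # judged per bin, so busy legitimate bands are covered too
        if excess > max(k * d, floor_db):
            if current is None:
                current = [i, i, excess]
            else:
                current[1], current[2] = i, max(current[2], excess)
        elif current is not None:
            runs.append(current)
            current = None
    if current is not None:
        runs.append(current)
    return [(start_hz + lo * bin_hz, start_hz + (hi + 1) * bin_hz, ex)
            for lo, hi, ex in runs]

# Constructed sample data: 8 bins of 5 MHz starting at 2.400 GHz.
# Bins 2-4 hold a known, legitimate emitter; the rest is noise floor.
HISTORY = [
    [-95, -96, -50, -48, -51, -95, -94, -96],
    [-96, -95, -51, -49, -50, -96, -95, -95],
    [-94, -95, -49, -48, -52, -95, -96, -94],
    [-95, -94, -50, -47, -50, -94, -95, -95],
    [-96, -96, -52, -49, -51, -95, -95, -96],
]
WINDOW = [
    [-95, -95, -50, -48, -51, -95, -95, -95],
    [-96, -94, -51, -38, -50, -96, -94, -96],  # bin 3: extra energy inside the known band
    [-95, -96, -49, -47, -52, -70, -72, -95],  # bins 5-6: one-sweep burst beside it
    [-94, -95, -50, -48, -51, -95, -96, -94],
]

def demo():
    return find_anomalies(build_baseline(HISTORY), WINDOW, 2_400_000_000, 5_000_000)
```

Because each bin is compared with its own history, the raised reading inside the legitimate emitter's band is reported alongside the burst next to it, while the emitter's normal level is not.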

While the main focus will be on monitoring for radio sources in boardrooms, C-level offices, and perhaps protected and RF-screened rooms called Sensitive Compartmented Information Facilities (SCIFs), there may be a need for better RF awareness and security in other areas of the site as well. 

Beyond audio surveillance risks 

While the primary concern for surveillance still relates to voice conversations about sensitive topics conducted in meeting rooms, there may be other espionage risks that RF monitoring could also detect, which may occur in other areas of the site: 

  • Audio information goes beyond spoken conversation. Microphones can capture machinery noises, vehicle signatures, or even identify individuals from gait or breathing patterns. 

  • Video information is hugely valuable – most obviously for capturing screens or printed documents, but also for facial recognition or object detection. Covert cameras may potentially be installed throughout a site, although they are more likely to need large batteries or external power. 

  • Low-power sensors can be used to exfiltrate important data signals, ranging from room occupancy levels to electromagnetic fields or gas concentrations. Wireless connectivity can be intermittent and work over long ranges.

  • Meaning: The future will likely hold additional challenges. AI-enabled devices may be able to listen to audio or interpret ambient sensor data. They could deduce meaning or extract the essential elements of what they collect, then send the result in a short burst or hide it within other wireless signals. 

There are also wireless-related risks that go beyond surveillance, which could also drive demand for permanent RF sensing:

  • Interference with business-critical wireless: The growing range of wireless sources in factories or offices may impact critical systems. A smartphone with the hotspot function switched on, a neighboring site with a poorly configured private wireless system, or a delivery truck with a GPS jammer could cause huge issues. 

  • Sensitive equipment: Various types of equipment are sensitive to RF signals. This expands beyond traditional areas of concern, like medical systems, to newer categories, such as quantum computers and GPUs used for AI processing. Interference effects can potentially lead to either data errors or, in some cases, outright malfunction. Traditional software error-correction protocols may be less capable of detecting problems arising from algorithmic effects or qubit de-coherence.

  • Regulatory compliance: An ever-growing range of commercial wireless products operating in unfamiliar bands could create regulatory compliance risks as well as surveillance threats. With the rise in equipment intended for Private 5G, various types of 6GHz Wi-Fi, or other short-range wireless connectivity, there is a chance for unauthorized systems to be brought on-site. In some circumstances, these could result in regulatory enforcement actions. 

Inter-dependencies between TSCM and network security 

Historically, counter-surveillance and network security/operations have been very separate functions in enterprises. Yet, over time, these are likely to come closer together. There is a shared need for better real-time awareness of the RF environment as commercial wireless options expand in scope and importance and potentially become vectors for new forms of wireless espionage or sabotage. 

Importantly, it will become ever more difficult for TSCM teams to switch off all RF sources during sweeps as they become embedded in critical business systems or the fabric of the building itself. A much greater variety of system types and frequency bands will also be available off the shelf.  

For instance, consider the growth of: 

  • 6GHz Wi-Fi equipment, including low- and very low-power ratings. 
  • Private 4G / 5G networks, using diverse new (and sometimes unusual) bands around the world, but often in the 3-5GHz range. 
  • New off-the-shelf cellular IoT devices using technologies such as NB-IoT, LTE Cat-M, or 5G RedCap, which could be used for video or data surveillance. 
  • Sub-1GHz systems for IoT, which can sometimes support basic voice or medium-rate data as well as low-power / long-life battery data transmission using systems such as LoRa and Wi-Fi HaLow. 
  • A long-term shift towards more complex spectrum use by devices, either by frequency-hopping, or use of shared / dynamic spectrum bands with multiple tenants and users. 

All of these represent additional background RF usage, which could allow surveillance signals to hide within it, or allow surveillance devices to be installed as independent systems that might not be picked up when watching for normal frequency bands.  

It will be important for TSCM teams to understand the changing commercial wireless landscape, use systems that can reduce the risks of false positives and false negatives, and work collaboratively with network operations and cybersecurity groups to understand complex threats around espionage, sabotage, hacking, or social engineering. 

Conclusion 

Wireless-related espionage risks are increasing, especially for organizations that hold sensitive discussions, handle highly confidential data, or undertake cutting-edge R&D efforts. At the same time, other risks are bringing together the security domains of TSCM and network/IT security, as RF exploits can cause direct harm to the business and its various technical systems.  

Hostile surveillance via wireless means also extends beyond simple microphones and voice interception to other sources of data, such as smart-building and IoT sensor outputs. 

It is also likely that new network types - and their fast-evolving spectrum bands - will accelerate the risks, as new legitimate frequency use could cloak additional threats and broaden the supply of commercially available radios.  

As a result, it will be necessary to monitor and adjust the RF monitoring baseline for a given site on an ongoing basis, as there will be a much broader set of friendly wireless systems with frequent additions and changes. The radio landscape will become more dynamic, diverse, and much harder to switch off / neutralize during traditional bug-sweeps. 

This indicates a requirement for more permanent RF sensing and analytics for enterprises with sensitive data or facing espionage risks across a wide spectrum range. There is also likely to be a growing overlap – or perhaps convergence – between surveillance countermeasures and network / IT security. Although separate systems are likely to remain in place for now, coordination and mutual understanding will become increasingly critical.