Bug Sweep Estimate Worksheet

Bug Sweep Estimate Worksheet
[How long will it take for a legitimate "Bug Sweep?]

Whenever possible, a client considering a "Bug Sweep" should engage a TSCM Specialist who can visit the facility to be inspected. This will allow for a realistic estimate and/or proposal to be prepared for future TSCM services. Additionally it will allow immediate security vulnerabilities to be discovered and corrected. Left uncorrected these issues could render a future bug sweep ineffective or useless. Such a consultation is referred to as a "Vulnerability Analysis".

In cases where it is not possible to arrange a Vulnerability Analysis consultation in advance, the following worksheet has been prepared as a rough guide. It can be used for estimating the requirements to perform a legitimate TSCM service (or "Bug Sweep") in a typical office or residential environment.

This worksheet is best used by first selecting the column that represents your threat (typically Moderate, or the center column), and then filling in the "Quantity Required" column where you count the number of phones, lights, etc.

Avoid using the "Low Threat" column as much as possible, as it is primarily for "Quick Check" sweeps and cases where the time and resources available for the sweep is extremely limited.

The "Moderate Threat column is most appropriate for typical corporate sweep work; however, in some situations the "Medium Threat" column (in blue) will be best.

The "Medium Threat" column (in pink) is most appropriate for publicly traded companies, firms involved in mergers and acquisitions, most lawyers, or businesses which have been the target of eavesdroppers in the past.

A "Medium Threat" level is also most appropriate for most law enforcement offices, judges, and other non-corporate professions where an eavesdropper could gain a great deal of useful intelligence helpful to their cause via covert eavesdropping.

It should be noted that a legitimate government sweep would start at a "Medium" level of Threat, and quickly go up into "High" and "Extreme" levels of Threat involving double and quadruple the time of a "Medium Threat" level sweep (and are not listed on this estimate sheet).

To obtain a realistic estimate you should have an entry in every row (except for those marked as optional). Then add up the column on the far right to obtain an approximate estimate of the time required for a legitimate sweep. You can then visit our "Terms and Conditions" page and get a rough idea as to how much it will cost for the sweep.

Since every sweep is a little different (and is unique to the clients location) the sweep has to be based on TIME. The time required for the sweep is used to estimate the fee, but not the other way around.

If at all possible try to provide some kind of floor plans with this estimate sheet. Usually a "Fire Evacuation" map sent via fax will work in a pinch, but a full set of blueprints send by courier would be ideal.

A more detailed and complicated version of this estimate sheet is available on request.

Granite Island Group

Estimate Worksheet for "Bug Sweep" Services
Please print this form out, fill out manually, and E-Mail it back to us.

Location or Client Name:
[Who is paying the bill?]

Location Street Address:
[Where are we going?]

Location City, State, and Zip:

Driving Directions:
[How do we get there?]

Parking Instructions:
[Where should we park?]

Ideal Time to Begin:
[When should we start?]

Contact Name:
[Who is bringing us in?]

Contact Position/Title:

Contact Phone Numbers:
[How do we make secure contact?]

(Alternate Contact Number)
(Cellular Phone)
(Pager Number)

Level of Urgency:

Why Do You Think a Bug Sweep is Needed?

What is the Goal of the Sweep?

What Are Your Plans If an Actual Bug is Found?

What Are Your Plans If a Vulnerability
or Weakness is Found During the Sweep?

Who Else Has Knowledge That You Are Considering
Having a "Bug Sweep" Performed?
[Phone Company, Private Investigators, Law Enforcement,
Executives, other Employees?]

Have You Had a "Bug Sweep" Performed in the Past?
[By whom, how long go, and what were the results?]

How Would You Like the Results Presented to You?
[Written Report, Oral Briefing, or Perhaps Both?]

How Often Are These Areas Serviced By The Cleaning Crew
[By Whom, How Often, What Times, Do They Have Their Own Key, etc?]

Are You Familiar With Our Terms and Conditions?
[located at http://www.tscm.com/howcost.html]

Do You Understand That You Must Be Extremely Discreet
[or, risk compromising the entire effort?]

Recommendations for Nearby Hotels
[Assuming that we may need an overnight stay]

Comments:

Segment

Quantity

Threat Level

Estimated Time
Sub Total

Low

Moderate

Medium

External RF Survey and Analysis

Also known as a "pre-sweep". This is normally performed at various distances ranging from 5, 1, and 1/4 miles away from the facility to be inspected and when possible is performed a day or more in advance.

The function of this segment is to detect eavesdropping devices that could be detected and monitored from outside of the facility, and to inventory friendly frequencies being used in the local area.

Normally there will be at least three of these external RF surveys performed in the area around the facility. In dense urban, research, or industrial areas five or more surveys may be required. When time or budgetary restrictions are a concern then only a single external RF survey will be conducted.

Normally this segment of the bug sweep is not at all intrusive.

1 Hour

4 Hours

8 Hours

Internal RF Survey and Analysis

This will be performed as the first segment of any TSCM inspection. May also be performed as "In Place Monitoring" when it is not possible to perform a full TSCM Inspection. TSCM services performed in dense urban environments will require at least twice as much time.

This is a very critical part of any TSCM service, tends to be extremely productive, and is an invaluable segment of any TSCM procedure.

Normally this segment of the bug sweep is not at all intrusive.

2 Hours

6 Hours

12 Hours

Number of Suspect Offices or Rooms

This is the total number of rooms which will be part of this TSCM Inspection.

Please list the names of the areas that will need to be checked and/or the title of the person in the office.

Room Name: _____________________

30 Minutes per room

1.5 Hours per room

2 Hours per room

Approximate Square Footage of Area to be Inspected.

Simply multiply the length by the width of each room, and then sum each of these together.

LL _______ x WW ________

5 Minutes per 100 sq ft

25 Minutes per 100 sq ft

30 Minutes per 100 sq ft

Number of Adjoining Offices of Rooms

Including all storage rooms, wiring closets, waiting rooms, hallways, copy rooms, file rooms, and related areas.

This may be estimated by taking the above "Number of Suspect Offices or Rooms" and multiplying by 2.5.

10 Minutes

30 Minutes

45 Minutes

Distance to Central Office (in miles)

This is the approximate distance between your facility and the telephone company's "Central Office" measured in miles.

May be estimated as one mile in urban areas, and five miles in suburban areas or industrial parks.

5 Minutes

45 Minutes

60 Minutes

Number of Suspect Phone Lines

Include all Dedicated Fax, Modem, Data and Central Office Telephone Lines.

Estimate as one line per 300 square foot of floor space in the entire facility (not just the area being inspected).

10 Minutes

30 Minutes

60 Minutes

Number of Suspect Phone Instruments

Does not include an evaluation of the station wiring (see next item).

Most executives will have at least two phones.

10 Minutes

45 Minutes

60 Minutes

Station Wiring and Cabling for Phones, LAN, or WAN.
[as per TSB-568B]

May be estimated as one outlet or "run" per 30 square foot of floor space in the area to be inspected.

15 Minutes

25 Minutes

45 Minutes

Number of IDF or Wiring Closets

Typically one per 5000 sq ft of space.

This does not include "massive" frame rooms with over 16 punch blocks or 800 cable pairs.

30 Minutes

2 Hours

4 Hours

Number of Switchboards or Operator Consoles

Usually there is one or two per building.

15 Minutes

1 Hour

1.5 Hours

Number of PBX Systems or Rooms

Usually there is one per building

This does not include "massive" switch, PBX, or frame rooms with over 16 punch blocks or 800 cable pairs.

30 Minutes

2 Hours

4 Hours

Number of Lighting Fixtures - Fluorescent

Typically one per 50 square foot of space to be inspected.

5 Minutes

15 Minutes

25 Minutes

Number of Lighting Fixtures - Incandescent

Include wall sconces, directional lighting, accent lighting, spotlights, etc.

2.5 Minutes

10 Minutes

15 Minutes

Number of Power Outlets

Count each jack, not each wall plate.

Typically at least two outlets per 8 feet of wall space.

3 Minutes

10 Minutes

15 Minutes

Number of Switches, Dimmers, or Related Lighting Control

Estimate as two per room to be inspected.

3 Minutes

15 Minutes

20 Minutes

Number of Thermostat or HVAC Controls

Estimate as one per room to be inspected.

5 Minutes

15 Minutes

30 Minutes

Number of Alarm Sensors

This includes door switches, PIR motion sensors, window breakage sensors, and related fire or intrusion alarm equipment in the areas to be inspected.

Estimate as one per room to be inspected.

10 Minutes

30 Minutes

60 Minutes

Number of Major Items of Furniture

Include each desk, chair, bookcase, table, file cabinet, etc.

Estimate as at least six items per room or six items per 50 sq ft of the total area to be inspected.

5 Minutes

30 Minutes

60 Minutes

Number of Suspect Artifacts

Include all clocks, smoke alarms, stereos, lighters, calculators, ashtrays, potted plants, exit signs, etc.

Estimate as at least 16 items per room or eight items per 50 sq ft of the total area to be inspected.

1 Minutes

5 Minutes

15 Minutes

Physical Security Evaluation

Time per 100 square feet based on the entire facility and not just the area being inspected.

1.2 Minutes per 100 sq ft

2 Minutes per 100 sq ft

3 Minutes per 100 sq ft

Number of Fax Machines

Only include fax machines physically located inside the area to be inspected, or machines which are suspect.

10 Minutes

2 Hours

2.5 Hours

Number of Copy Machines

Only include copy machines physically located inside the area to be inspected, or machines which are suspect.

15 Minutes

1 Hour

4 Hours

Number of Speaker Phones

Only include stand alone speaker phones that are not built inside another telephone. Such systems are common in conference areas and executive offices.

10 Minutes

45 Minutes

90 Minutes

Number of Video Phones (Hardware Only)

Basic Evaluation not involving software analysis.

90 Minutes

2 Hours

Number of Video Phones (Hardware and Software)

Comprehensive Evaluation with software analysis.

6 Hours

10 Hours

Number of Suspect Computers (optional)

Virus, Trojan Horse, and Related Software Threat Evaluation

2 Hours

3 Hours

Number of Suspect Computers (optional)

Hardware Threat Evaluation

2 Hours

3 Hours

Computer Network Evaluation (optional)

Limited passive traffic evaluation, per segment or port on switch or hub.

2 Hours

8 Hours

Computer Network Evaluation (optional)

Comprehensive probe and traffic evaluation, per segment or port on switch or hub.

4 Hours

6 Hours

Time Required in Days - SUBTOTAL
(Divide by 8-10 hours for a business day)
[refer to http://www.tscm.com/howcost.html]

Written Report (optional)

Typically 10% of total fee before expenses and travel time.

This include a typical "TSCM Survey Completion Report" with the results of the sweep.

= $

Vulnerabilities, Observations, and Action Items Report (optional)

There will be an additional $25.00 charge for each action item, vulnerability, or observation which requires mention, coverage, or documentation in a hardcopy report.

= $

Travel Time
[outside of the Boston area]

Hourly charge when facility is more then one hour of travel time away.

Remember that travel time is charged in both directions, but at 1/4th the hourly rate.

= $

Travel and Transportation Expenses
(Please Inquire)

= $

Per Diem Expenses

Typically $250-$300 per person, per day in New England, but may be more depending on area (include all travel and lay-over time).

= $

Estimated Fee Total

= $