Suspicious Behaviors and Activities That Should Be Reported Include:
|
ELICITING INFORMATION
|
Questioning individuals at a level beyond mere curiosity about particular facets of a facility’s or building’s purpose, operations, security procedures, etc., that would arouse suspicion in a reasonable person.
|
|
TESTING OF SECURITY
|
Interactions with or challenges to installations, personnel, or systems that reveal physical personnel or cybersecurity capabilities.
|
|
RECRUITING
|
Building operations teams and contacts, personnel data, banking data, or travel data.
|
|
PHOTOGRAPHY
|
Taking pictures or video of facilities, buildings, or infrastructure in a manner that would arouse suspicion in a reasonable person. Examples include taking pictures or video of infrequently used access points, personnel performing security functions (patrols, badge/vehicle checking), security-related equipment (perimeter fencing, security cameras), etc. All reporting on photography should be done within the totality of the circumstances.
|
|
OBSERVATION / SURVEILLANCE
|
Demonstrating unusual interest in facilities, buildings, or infrastructure beyond mere casual or professional (e.g., engineers) interest such that a reasonable person would consider the activity suspicious. Examples include observation through binoculars, taking notes, attempting to measure distances, etc.
|
|
MATERIALS ACQUISITION / STORAGE
|
Acquisition of unusual quantities of precursor materials, such as cell phones, pagers, fuel, and timers, such that a reasonable person would suspect possible criminal activity.
|
|
AQUISITION OF EXPERTISE
|
Attempts to obtain or conduct training in security concepts (military weapons or tactics) or other unusual capabilities that would arouse suspicion in a reasonable person.
|
|
WEAPONS DISCOVERY
|
Discovery of unusual amounts of weapons or explosives that would arouse suspicion in a reasonable person.
|
|
SECTOR SPECIFIC INCIDENT
|
Actions associated with a characteristic of unique concern to specific sectors (such as the public health sector) with regard to their personnel, facilities, systems, or functions.
|
|
BREACH / ATTEMPTED INTRUSION
|
Unauthorized personnel attempting to enter or actually entering a restricted area or protected site. Impersonation of authorized personnel (e.g., police/security, janitor).
|
|
MISREPRESENTATION
|
Presenting false or misusing insignia, documents, and/or identification to misrepresent one’s affiliation to cover possible illicit activity.
|
|
THEFT / LOSS / DIVERSION
|
Stealing or diverting something associated with a facility/infrastructure (e.g., badges, uniforms, identification, emergency vehicles, technology, or documents [classified or unclassified] that are proprietary to the facility).
|
|
SABOTAGE / TAMPERING / VANDALISM
|
Damaging, manipulating, or defacing part of a facility/infrastructure or protected site.
|
|
CYBERATTACK
|
Compromising or attempting to compromise or disrupt an organization’s information technology infrastructure.
|
|
EXPRESSED OR IMPLIED THREAT
|
Communicating a spoken or written threat to damage or compromise a facility/infrastructure.
|
|
AVIATION ACTIVITY
|
Operation of an aircraft in a manner that reasonably may be interpreted as suspicious or posing a threat to people or property. May or may not be in violation of Federal Aviation Regulations.
|