ChemLock: Reporting Suspicious Activity and Security Incidents
As one part of a holistic chemical security plan, the ChemLock program encourages facilities with dangerous chemicals to establish a suspicious activity and security incident reporting process. A reporting process can not only aid facility personnel in recording key information so that details of a suspicious activity or security incident can be referred to at a later time, but also inform facility personnel to whom suspicious activity or other security incident should be reported.
Facilities are encouraged to use the information and resources found here as a guide to create their own template for reporting suspicious activity that can be disseminated to facility personnel and to assist them with assessing and exercising their reporting procedures.
Download the fact sheet below to get a suspicious reporting form template that your facility can consider using for your organization.
Reporting an Incident
If a significant security incident is detected while in progress, the facility should immediately call local law enforcement and emergency responders via 9-1-1. Similarly, if the event has concluded but an immediate response is still necessary, the facility should immediately call 9-1-1.
Once an incident has been detected and response measures in the facility's security plan have been initiated, the facility should use a nonemergency number to contact local first responders and other federal, state, and local law enforcement entities, as applicable. Facilities should also report cyber and physical security incidents to CISA Central at central@cisa.gov.
When reporting suspicious activity, remember to include who or what you saw, when you saw it, where it occurred, and why the behavior is suspicious.
What Is Suspicious Behavior?
Suspicious activity is any observed behavior that could indicate potential terrorism or terrorism-related crime.
- Unusual items or situations (i.e., a vehicle is parked in an odd location, a package is left unattended, etc.).
- Eliciting information (i.e., inquiries at a level beyond curiosity about a building’s purpose, operations, security procedures and/or personnel, shift changes, etc.).
- Observation/surveillance (i.e., someone pays unusual attention to facilities or buildings beyond a casual or professional interest, etc.).
- Inquiries for chemical purchases from unknown buyers (i.e., cash purchase, abnormal quantity, etc.).
- Insider threat that could use their authorized access, wittingly or unwittingly, to do harm to the facility or company (i.e., theft of proprietary information or technology, damage to company facilities or systems, harm to other employees, etc.).
- Unusual cyber activity or cyberattacks (i.e., phishing, virus, denial-of-service attack, worm, botnet, etc.).
Do you or your staff need chemical security training to help identify suspicious activity? The ChemLock program offers two no-cost trainings that are offered quarterly or you can request a training specifically for your facility or organization.
Additional Resources
Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI)
This initiative provides law enforcement with another tool to help prevent terrorism and other related criminal activity by establishing a national capacity for gathering, documenting, processing, analyzing, and sharing SAR information.
Fusion Center Locations and Contact Information
State and major urban area fusion centers are owned and operated by state and local entities, and are designated by the governor of their state.
FBI Weapons of Mass Destruction (WMD) Directorate
WMD is the FBI's lead for coordinating the integration of FBI policy, investigations, intelligence, and preventive countermeasures related to WMD.
See Something, Say Something
"If You See Something, Say Something®" is a national campaign that raises public awareness of the signs of terrorism and terrorism-related crime, and how to report suspicious activity to state and local law enforcement.
ChemLock Security Plan
To help facilities use the ChemLock security goals to develop a security plan or evaluate an existing plan, CISA has a security plan guidance document and template that facilities can download and customize for their facility.
Additional Chemical Security Considerations
ChemLock: Chemical Product Stewardship
ChemLock: Chemical Security Considerations for No-Notice Events
ChemLock: Chemical Security on a Budget
ChemLock: Conducting a Chemical Security Self-Assessment
Contact Information
For more information or questions, please email ChemLock@cisa.dhs.gov.
NOTE: Participation in any portion of CISA's ChemLock program does not replace any reporting or compliance requirements under CISA's Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR part 27). Some ChemLock activities may fulfill CFATS requirements, depending on your specific security plan. Contact local CISA Chemical Security personnel or visit the CFATS webpage to learn more about CFATS regulatory requirements.