Suspicious activities are irregular or highly unusual behaviors that may be associated with pre-operational/preparatory surveillance, operational activities exploring or targeting a sector facility or system, or any possible violation of law or regulation that could compromise a sector facility or system, jeopardizing life or property.
What Owners and Operators Can Do
Suspicious incidents may actually constitute pre-operational activities and should be reported immediately.
- Maintain awareness of your environment
- Identify behaviors that are out of the ordinary
- Report the activity and include as much detail as possible
Types of Suspicious Activities
Suspicious activities may include:
- Bomb Threat - Any threat of a bomb attack on property or adjacent properties
- Elicitation - Requests for information via telephone, e-mail, or mail asking for:
- Technical data about the asset or its security system; or \
- Information on hours worked and the number of personnel on duty during any given hour
- Overflight - Airborne vehicles (small planes, helicopters, remotely controlled aircraft) that appear to be using a crossing pattern to survey the property or facility
- Surveillance - Person(s) intending to gather information about the facility, its operations, or protective measures through photography, videotaping, sketching, or use of vision-enhancing devices (e.g., binoculars)
- Test of Security - Testing of security systems, responses and reaction times at a facility, which also includes any attempts to test or penetrate physical security barriers or procedures; and attempts to acquire information, uniforms, badges, passes, or other security-related documents.
- Weapons Discovery - Discovery of weapons or a weapons cache on the property or adjacent properties
Examples of Suspicious Activities
- Showing unusual interest in a facility (e.g., observing through binoculars, taking notes, photography, drawing maps, or drawing structures of the facility
- Persons parking, standing, or loitering in the same area on multiple days with no reasonable explanation for doing so
- Persons not associated with the facility showing an increased interest in the surrounding area
About the Dams Sector Suspicious Activity Reporting Tool
The Suspicious Activity Report (SAR) tool provides Dams Sector partners with the ability to report and retrieve information pertaining to suspicious activities that may be associated with pre-operational/preparatory surveillance, activities exploring or targeting a critical infrastructure facility or system, or any possible violation of law or regulation that could compromise a facility or system and could jeopardize life or property. This online tool provides an extra opportunity for real-time situational awareness across the sector. It also allows stakeholders to better understand the implications of national incidents by examining a broad range of reports. These reviews help identify any need to implement additional protective measures.
This online reporting tool does not replace existing agency or organization reporting mechanisms. Rather, it enhances sector-wide reporting by providing a broader, horizontal approach to reporting suspicious activities. The tool enhances situational awareness among Dams Sector partners and provides intelligence for further analysis to components of various government agencies. Suspicious activities should also be reported to the Federal Bureau of Investigation and other appropriate law enforcement authorities as required.
Using the Suspicious Activity Reporting (SAR) Tool
The Dams Sector SAR tool is available via the HSIN-CI Dams Portal. Upon accessing the entry form, you will provide information about the observed suspicious activity.
The entry form is divided into two main components: “Background” and “Subject.” You will describe the facility, type of suspicious activities, and date/time of the incident in the background section. In the subject section, you will provide generic descriptions of the suspicious activity. These descriptions should contain sufficient data to conduct an analysis.
You must describe the suspicious activity and fill out the form as completely as possible. You can also attach supporting documentation to the report to allow the reader to better understand the incident.
To promote situational awareness, e-mails are automatically sent to a pre-determined list of Government Coordinating Council (GCC) and Sector Coordinating Council (SCC) members to inform them of the reported suspicious activities.
Reports submitted through the SAR tool will be available to appropriate sector stakeholders for further analysis and will be shared with the National Infrastructure Coordinating Center to ensure notification to appropriate authorities.
For additional information, please contact the Dams Sector-Specific Agency at email@example.com.