Nationwide Suspicious Activity Reporting. Crime Stoppers USA Training Conference New Orleans September 2018

Similar documents
NSI. Suspicious Activity Reporting Line Officer Training

The National Network of Fusion Center: Where We Have Been and Where We are Going

Statement of Chief Richard Beary President of the International Association of Chiefs of Police

Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI)

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

NATIONAL INFORMATION SHARING STRATEGY

UNCLASSIFIED. September 24, In October 2007 the President issued his National Strategy for Information Sharing. This

Department of Homeland Security Updates

Good morning, Chairman Harman, Ranking Member Reichert, and Members of

Introduction 1. Purpose 1. Fire Service Role in Meeting Baseline Capabilities 1. Fusion Center Fire Service Integration 4

COUNTERING IMPROVISED EXPLOSIVE DEVICES

TERRORISM LIAISON OFFICER OUTREACH PROGRAM - (TLOOP)

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

The Office of Infrastructure Protection

Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust

NIEM in Action: Roadmap to Successful Standards- Based Information- Sharing

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Louisiana - State Analytical & Fusion Exchange (LA-SAFE)

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

National Policy and Guiding Principles

ISAO SO Product Outline

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

COUNTERING IMPROVISED EXPLOSIVE DEVICES

DHS Cybersecurity: Services for State and Local Officials. February 2017

GAO INFORMATION SHARING ENVIRONMENT

Legal, Ethical, and Professional Issues in Information Security

GAO. Testimony Before the Committee on Homeland Security and Governmental Affairs, U.S. Senate

EU policy on Network and Information Security & Critical Information Infrastructures Protection

TESTIMONY MAURITA J. BRYANT, ASSISTANT CHIEF FIRST NATIONAL VICE PRESIDENT NATIONAL ORGANIZATION OF BLACK LAW ENFORCEMENT EXECUTIVES, (NOBLE)

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

Utilizing Terrorism Early Warning Groups to Meet the National Preparedness Goal. Ed Reed Matthew G. Devost Neal Pollard

Fusion Centers Information Sharing, Analysis and Coordination

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Intelligence-Led Policing, Community Policing and the Prevention of Violent Extremism and Radicalization that lead to Terrorism

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

National Preparedness System. Update for EMForum June 11, 2014

FBI Role in Overseas Investigations

The Office of Infrastructure Protection

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Oregon Department of Justice

NATIONAL STRATEGY FOR INFORMATION SHARING. Successes and Challenges In Improving Terrorism-Related Information Sharing

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

You ve been breached: Now What? Minnesota s Data Breach Preparation and Notification for Electronic Data

FACT SHEET SHIFTING FROM PROSECUTION TO PREVENTION, REDESIGNING THE JUSTICE DEPARTMENT TO PREVENT FUTURE ACTS OF TERRORISM

The Office of Infrastructure Protection

Introduction to the National Response Plan and National Incident Management System

Overview of the Federal Interagency Operational Plans

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Introduction to HSIN Basics (HSIN 101)

PIPELINE SECURITY An Overview of TSA Programs

Water Information Sharing and Analysis Center

Cybersecurity for State and Local Law Enforcement: A Roadmap to Enhance Capabilities

S&T Stakeholders Conference

G7 Bar Associations and Councils

An Overview of DHS s Role and Missions. James McCament Chief of Legislative Affairs, USCIS

2017 SPRING INTERNSHIP PROGRAM OPPORTUNITY

2016 National Network of Fusion Centers Final Report

Private Sector Clearance Program (PSCP) Webinar

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Implementing Executive Order and Presidential Policy Directive 21

The Beyond the Border Action Plan

The Office of Infrastructure Protection

Cellular Site Simulator Usage and Privacy

SECURITY & PRIVACY DOCUMENTATION

The Office of Infrastructure Protection

Cyber Security Strategy

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

The NIST Cybersecurity Framework

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

FEMA Region III Cyber Security Program

Caribbean Cyber Security: Not Only Government s Responsibility

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

DRAFT of FORTHCOMING ARTICLE IN AFIO INTELLIGENCER. Law Enforcement Intelligence: Its Evolution and Scope Today. By Robert A.

Strategic and operational threat analysis at Europol's EC3

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Global Wildlife Cybercrime Action Plan1

Draft Resolution for Committee Consideration and Recommendation

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

The Office of Infrastructure Protection

PRESIDENT BARACK OBAMA, DECEMBER 2012 NATIONAL STRATEGY FOR INFORMATION SHARING AND SAFEGUARDING

STANDARD OPERATING PROCEDURE Critical Infrastructure Credentialing/Access Program Hurricane Season

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

Office of Infrastructure Protection Overview

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Terrorism Prevention. April 13, 2011 Michael J. McMullen Program Manager

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

The Office of Infrastructure Protection

SOC 3 for Security and Availability

Donor Countries Security. Date

International Law Enforcement Cooperation on Cybercrime investigations: the role of INTERPOL. Mr Olusola Oguntunde

MNsure Privacy Program Strategic Plan FY

RESOLUTION 130 (REV. BUSAN, 2014)

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Food and Agriculture Sector Criticality Assessment

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Transcription:

Nationwide Suspicious Activity Reporting Crime Stoppers USA Training Conference New Orleans September 2018

2 NSI Project Partners

If You See Something, Say Something Campaign Overview Launched in 2010 Simple and effective program to raise public awareness of indicators of terrorism and terrorism-related crime Emphasizes the importance of reporting suspicious activity to the proper state and local law enforcement authorities 3

4 Fusion Centers

Role of Fusion Centers Receive threat information from the federal government Analyzes federal information in the context of local environment and disseminates that information to local, state, and tribal agencies Gathers tips, leads, and suspicious activity reports (SARs) from state, local and tribal agencies as well as the public Protects the civil liberties and privacy interests of citizens throughout the intelligence process Fusion Centers provide the federal government with critical state, local, and tribal information as well as subject matter expertise. 5

What is the NSI The Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) is a joint collaborative effort by the U.S. Department of Homeland Security, the Federal Bureau of Investigation, and state, local, tribal, and territorial law enforcement partners. The NSI is a standardized process including stakeholder outreach, privacy protections, training, and facilitation of technology for identifying and reporting suspicious activity in jurisdictions across the country and also serves as the unified focal point for sharing SAR information. 6

Nationwide SAR Initiative (NSI) Focuses on behavior Processes the information to identify terrorism-related SARs Links these SARs with information from across the nation Results in a national effort to detect, prevent, and disrupt terrorism-related activities - Using the framework of the ISE-SAR Functional Standard - Appropriately protecting privacy/civil rights/civil liberties 7

NSI Refresh Widening the aperture. Counterterrorism Mass Casualty Events and School Violence Transnational Organized Crime Cyber Security Counterintelligence Economic Security 8

ISE-SAR Functional Standard Version 1.5.5 9

NSI Process SAR Behaviors Vetting and Submission - Information submitted by law enforcement is reviewed by a trained analyst against the NSI Vetting Guidelines - Functional Standard-compliant information is either shared in the NSI SDR or reported in eguardian - Only the information determined by the submitting agency as shareable is available for search/view 10

Definitions of SAR and ISE SAR Suspicious Activity Report (SAR): Official documentation of observed behavior reasonably indicative of preoperational planning associated with terrorism or other criminal activity ISE-Suspicious Activity Report (ISE-SAR): An ISE-SAR is a SAR that has been determined, pursuant to a two-part process, to have a potential terrorism nexus (i.e., to be reasonably indicative of criminal activity associated with terrorism). ISE-SAR business, privacy, and civil liberties rules will serve as a unified process to support the reporting, tracking, processing, storage, and retrieval of terrorismrelated suspicious activity reports across the ISE - the term other criminal activity must refer to criminal activity associated with terrorism and must fall within the scope of the 16 terrorism pre-operational behaviors identified in the Functional Standard. 11

Reasonably Indicative Reasonably Indicative Operational Concept - Reasonably indicative is a concept for documenting and sharing a suspicious activity report that takes into account the circumstances in which that observation is made which creates in the mind of the reasonable observer, including a law enforcement officer, an articulable concern that the behavior may indicate preoperational planning associated with terrorism or other criminal activity. It also takes into account the training and experience of a reasonable law enforcement officer, in cases where an officer is the observer or documenter of the observed behavior reported to a law enforcement agency 12

13 Progression of Information Development

ISE-SAR Criteria Guidance Defined Criminal Activity and Potential Terrorist Nexus Activity - Breach/Attempted Intrusion - Misrepresentation - Theft/Loss/Diversion - Sabotage/Tampering/Vandalism - Cyberattack - Expressed or Implied Threat - Aviation Activity 14

ISE-SAR Criteria Guidance Potential Criminal or Non-Criminal Activity Requiring Additional Fact Information During Investigation - Eliciting Information - Testing or Probing of Security - Recruiting/Financing - Photography - Observation/Surveillance - Materials Acquisition/Storage - Acquisition of Expertise - Weapons Collection/Discovery - Sector-Specific Incident 15

Vetting Issues Each jurisdiction must follow its own policies, regulations, and/or laws regarding the initial timeline for vetting, follow-up reviews, and updates to SAR information Follow your fusion center s SAR standard operating procedure and agency privacy policy regarding the submission of SAR information that may not meet the Functional Standard Vetting is based on analyst/investigator training and experience and must be viewed in the context, facts, and circumstances of the incident 16

Vetting Issues Analysts or investigators who need additional information for SARs are encouraged to follow up with the submitting agency Not all information is reasonably indicative of terrorism or criminal activity - When the behavior describes activities that are not inherently criminal and may be constitutionally protected, the vetting agency should carefully assess the information and gather as much additional information as necessary to document facts and circumstances that clearly support documenting the information as an ISE-SAR 17

Submission Information submitted by law enforcement is reviewed by a trained analyst/investigator against the NSI ISE-SAR vetting guidance Context, facts, and circumstances should be used to interpret the behaviors Functional Standard-compliant information is either shared in the NSI SDR or reported in eguardian - Only the information determined by the submitting agency as shareable is available for search/view 18

Privacy Considerations Privacy, Civil Rights, and Civil Liberties Considerations for the Suspicious Activity Reporting (SAR) Vetting Process 20

P/CRCL Issues: How Do They Arise? Initial collection was illegal or inappropriate Poor data quality - Sharing of erroneous or otherwise deficient data may lead to denial of benefit or liberty Data used for purpose other than original purpose Mishandling/misuse of records Inappropriate storage, dissemination, and retention Data breach Lack of redress available to the individual 21

P/CRCL Issues: What Is the Harm? To individual - Personal harm (job, reputation) - Loss of benefits or liberties To agency - Limitation/loss of sources, methods, and information - Disciplinary action and job loss - Limitation/shutdown of operation and court action - Economic harm - Loss of public trust 22

P/CRCL Issues: What are the Solutions? Comprehensive privacy and civil liberties protection policies (e.g., fusion center privacy policies) Enhanced P/CRCL protections - Information systems - Technology Transparency and accountability Privacy Impact Assessments Community outreach Training, technical assistance, national standards 23

24 Training and Outreach Resources

Resources To view/download class information as well as intelligence resources Visit https://filecloud.iir.com/x/dhs2018 Password - 2018DHS NSI Public Web Site https://nsi.ncirc.gov 25

Questions Wesley Moy, Ph.D. nsiinformation@ncirc.gov 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback