Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Resources & Tools
  3. Programs
  4. ChemLock
  5. ChemLock: Reporting Suspicious Activity and Security Incidents
Share:

ChemLock: Reporting Suspicious Activity and Security Incidents

Related topics:
Chemical Security, Critical Infrastructure Security and Resilience

As one part of a holistic chemical security plan, the ChemLock program encourages facilities with dangerous chemicals to establish a suspicious activity and security incident reporting process. A reporting process can not only aid facility personnel in recording key information so that details of a suspicious activity or security incident can be referred to at a later time, but also inform facility personnel to whom suspicious activity or other security incident should be reported.

Facilities are encouraged to use the information and resources found here as a guide to create their own template for reporting suspicious activity that can be disseminated to facility personnel and to assist them with assessing and exercising their reporting procedures.

Download the fact sheet below to get a suspicious reporting form template that your facility can consider using for your organization.

ChemLock: Reporting Suspicious Activity and Security Incidents Template(DOCX, 46.54 KB )

Reporting an Incident

If a significant security incident is detected while in progress, the facility should immediately call local law enforcement and emergency responders via 9-1-1. Similarly, if the event has concluded but an immediate response is still necessary, the facility should immediately call 9-1-1.

Once an incident has been detected and response measures in the facility's security plan have been initiated, the facility should use a nonemergency number to contact local first responders and other federal, state, and local law enforcement entities, as applicable. Facilities should also report cyber and physical security incidents to CISA Central at central@cisa.gov.

When reporting suspicious activity, remember to include who or what you saw, when you saw it, where it occurred, and why the behavior is suspicious.

CISA Central

What Is Suspicious Behavior?

Suspicious activity is any observed behavior that could indicate potential terrorism or terrorism-related crime.

  • Unusual items or situations (i.e., a vehicle is parked in an odd location, a package is left unattended, etc.).
  • Eliciting information (i.e., inquiries at a level beyond curiosity about a building’s purpose, operations, security procedures and/or personnel, shift changes, etc.).
  • Observation/surveillance (i.e., someone pays unusual attention to facilities or buildings beyond a casual or professional interest, etc.).
  • Inquiries for chemical purchases from unknown buyers (i.e., cash purchase, abnormal quantity, etc.).
  • Insider threat that could use their authorized access, wittingly or unwittingly, to do harm to the facility or company (i.e., theft of proprietary information or technology, damage to company facilities or systems, harm to other employees, etc.).
  • Unusual cyber activity or cyberattacks (i.e., phishing, virus, denial-of-service attack, worm, botnet, etc.).

Do you or your staff need chemical security training to help identify suspicious activity? The ChemLock program offers two no-cost trainings that are offered quarterly or you can request a training specifically for your facility or organization.

Request a ChemLock training for your facility

Additional Resources

Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI)

This initiative provides law enforcement with another tool to help prevent terrorism and other related criminal activity by establishing a national capacity for gathering, documenting, processing, analyzing, and sharing SAR information.

Fusion Center Locations and Contact Information

State and major urban area fusion centers are owned and operated by state and local entities, and are designated by the governor of their state.

FBI Weapons of Mass Destruction (WMD) Directorate

WMD is the FBI's lead for coordinating the integration of FBI policy, investigations, intelligence, and preventive countermeasures related to WMD.

See Something, Say Something

"If You See Something, Say Something®" is a national campaign that raises public awareness of the signs of terrorism and terrorism-related crime, and how to report suspicious activity to state and local law enforcement.

Chemlock logo

ChemLock Security Plan

To help facilities use the ChemLock security goals to develop a security plan or evaluate an existing plan, CISA has a security plan guidance document and template that facilities can download and customize for their facility.

Learn more about the ChemLock Security Plan

Additional Chemical Security Considerations

Individuals conducted inventory audit at a warehouse

ChemLock: Chemical Product Stewardship

Facilities that ship dangerous chemicals should consider implementing a product stewardship program, including a “know-your-customer” program, inventory management, in-transit tracking of chemicals, shipment confirmation, and receipt confirmation, among others.
A "DO NOT CROSS" Police banner located at a crime scene

ChemLock: Chemical Security Considerations for No-Notice Events

Although no-notice events are unpredictable, facilities with dangerous chemicals can take precautions to prepare for and mitigate the impacts from a variety of no-notice events so that dangerous chemicals that can be weaponized remain secure.
Night shot outside a large factory

ChemLock: Chemical Security on a Budget

Everyone who interacts with dangerous chemicals has a role to play in taking action to prevent chemicals from being weaponized by terrorists. Learn more about some simple, effective, and cost-efficient actions to enhance a facility’s security posture.
Two individuals at a chemical facility looking at content on a clipboard

ChemLock: Conducting a Chemical Security Self-Assessment

Periodically reviewing and assessing the security measures in a facility’s security plan is a critical component in maintaining an effective security plan. Learn more about how to systematically review and assess a facility security plan.

Contact Information

For more information or questions, please email ChemLock@cisa.dhs.gov.

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback