ChemLock: Reporting Suspicious Activity and Security Incidents

Related topics:
Chemical Security, Critical Infrastructure Security and Resilience

As one part of a holistic chemical security plan, the ChemLock program encourages facilities with dangerous chemicals to establish a suspicious activity and security incident reporting process. A reporting process can not only aid facility personnel in recording key information so that details of a suspicious activity or security incident can be referred to at a later time, but also inform facility personnel to whom suspicious activity or other security incident should be reported.

Facilities are encouraged to use the information and resources found here as a guide to create their own template for reporting suspicious activity that can be disseminated to facility personnel and to assist them with assessing and exercising their reporting procedures.

Download the fact sheet below to get a suspicious reporting form template that your facility can consider using for your organization.

ChemLock: Reporting Suspicious Activity and Security Incidents Template(DOCX, 46.54 KB )

Reporting an Incident

If a significant security incident is detected while in progress, the facility should immediately call local law enforcement and emergency responders via 9-1-1. Similarly, if the event has concluded but an immediate response is still necessary, the facility should immediately call 9-1-1.

Once an incident has been detected and response measures in the facility's security plan have been initiated, the facility should use a nonemergency number to contact local first responders and other federal, state, and local law enforcement entities, as applicable. Facilities should also report cyber and physical security incidents to CISA Central at central@cisa.gov.

When reporting suspicious activity, remember to include who or what you saw, when you saw it, where it occurred, and why the behavior is suspicious.

CISA Central

What Is Suspicious Behavior?

Suspicious activity is any observed behavior that could indicate potential terrorism or terrorism-related crime.

  • Unusual items or situations (i.e., a vehicle is parked in an odd location, a package is left unattended, etc.).
  • Eliciting information (i.e., inquiries at a level beyond curiosity about a building’s purpose, operations, security procedures and/or personnel, shift changes, etc.).
  • Observation/surveillance (i.e., someone pays unusual attention to facilities or buildings beyond a casual or professional interest, etc.).
  • Inquiries for chemical purchases from unknown buyers (i.e., cash purchase, abnormal quantity, etc.).
  • Insider threat that could use their authorized access, wittingly or unwittingly, to do harm to the facility or company (i.e., theft of proprietary information or technology, damage to company facilities or systems, harm to other employees, etc.).
  • Unusual cyber activity or cyberattacks (i.e., phishing, virus, denial-of-service attack, worm, botnet, etc.).

Do you or your staff need chemical security training to help identify suspicious activity? The ChemLock program offers two no-cost trainings that are offered quarterly or you can request a training specifically for your facility or organization.

Request a ChemLock training for your facility

Additional Resources

Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI)

This initiative provides law enforcement with another tool to help prevent terrorism and other related criminal activity by establishing a national capacity for gathering, documenting, processing, analyzing, and sharing SAR information.

Fusion Center Locations and Contact Information

State and major urban area fusion centers are owned and operated by state and local entities, and are designated by the governor of their state.

FBI Weapons of Mass Destruction (WMD) Directorate

WMD is the FBI's lead for coordinating the integration of FBI policy, investigations, intelligence, and preventive countermeasures related to WMD.

See Something, Say Something

"If You See Something, Say Something®" is a national campaign that raises public awareness of the signs of terrorism and terrorism-related crime, and how to report suspicious activity to state and local law enforcement.

Chemlock logo

ChemLock Security Plan

To help facilities use the ChemLock security goals to develop a security plan or evaluate an existing plan, CISA has a security plan guidance document and template that facilities can download and customize for their facility.

Learn more about the ChemLock Security Plan

Additional Chemical Security Considerations

Individuals conducted inventory audit at a warehouse

ChemLock: Chemical Product Stewardship

Facilities that ship dangerous chemicals should consider implementing a product stewardship program, including a “know-your-customer” program, inventory management, in-transit tracking of chemicals, shipment confirmation, and receipt confirmation, among others.
A "DO NOT CROSS" Police banner located at a crime scene

ChemLock: Chemical Security Considerations for No-Notice Events

Although no-notice events are unpredictable, facilities with dangerous chemicals can take precautions to prepare for and mitigate the impacts from a variety of no-notice events so that dangerous chemicals that can be weaponized remain secure.
Night shot outside a large factory

ChemLock: Chemical Security on a Budget

Everyone who interacts with dangerous chemicals has a role to play in taking action to prevent chemicals from being weaponized by terrorists. Learn more about some simple, effective, and cost-efficient actions to enhance a facility’s security posture.
Two individuals at a chemical facility looking at content on a clipboard

ChemLock: Conducting a Chemical Security Self-Assessment

Periodically reviewing and assessing the security measures in a facility’s security plan is a critical component in maintaining an effective security plan. Learn more about how to systematically review and assess a facility security plan.

Contact Information

For more information or questions, please email ChemLock@cisa.dhs.gov.