(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Sabotage/Tampering/Vandalism

Suspicious Activity Reporting (SAR): Sabotage/Tampering/Vandalism

1 page
For Official Use Only
August 2, 2013

(U//FOUO) Terrorists may engage in sabotage, tampering, or vandalism as part of an attack or to gain access to restricted areas, steal materials, or provoke and observe security responses. For example, the 1Oth edition of al-Qa’ida in the Arabian Peninsula’s Inspire magazine suggests torching parked vehicles and causing automobile accidents by using lubricating oil or nails driven through wooden boards as simple tactics to cause both casualties and economic damage.

(U//FOUO) The following SAR incidents reported to the Nationwide SAR Initiative (NSI) Shared Space demonstrate types of sabotage, tampering, or vandalism. Although none are thought to be linked to terrorist activity at this time, they are cited as examples for awareness and training purposes:

» (U//FOUO) An individual disabled a security camera at a military recruiting station before stealing US Government license plates from parked vehicles at the facility. No further information regarding this incident is available.
» (U//FOUO) Unknown individuals cut fiber communications lines disabling data flow and 911-call capability for several hours. Later, an unknown individual fired multiple gunshots at a large electrical substation, damaging several transformers. Law enforcement is treating these incidents as possibly related; the investigation is ongoing.

(U) Potential Targets of Sabotage, Tampering, or Vandalism Activity

(U//FOUO) The apparent intentional damage, destruction, manipulation, or dismantling of operational components or equipment-such as the ones listed below-could indicate attempts at sabotage, tampering, or vandalism. Potential targets include:

» (U//FOUO) Security equipment (lighting, cameras, motion detectors, magnetic sensors, locks, and fencing);
» (U//FOUO) Entrance and egress points (fire exits and access-controlled gates);
» (U//FOUO) Official-use and emergency response vehicles;
» (U//FOUO) Communications (landline and cellular) or navigation equipment (global positioning system);
» (U//FOUO) Fire safety systems (i.e., fire alarms and fire suppression systems);
» (U//FOUO) Support structures associated with an infrastructure facility;
» (U//FOUO) Natural gas and fuel oil tanks and pipelines, water storage and distribution, bus depots, fuel filling stations, railroad bridges, tunnels, switches, signal facilities, and electrical power lines; and
» (U//FOUO) Doors or panels to expose sensitive areas or components.

(U//FOUO) Depending on the context-time, location, personal behaviors, and other indicators-suspicious attempts to damage or compromise facilities or other critical infrastructures should be reported to the appropriate authorities.

(U//FOUO) First Amendment activities should not be reported in a SAR or ISE-SAR absent articulable facts and circumstances that support the source agency’s suspicion that the behavior observed is not innocent, but rather reasonably indicative of criminal activity associated with terrorism, including evidence of pre-operational planning related to terrorism. Race, ethnicity, national origin, or religious affiliation should not be considered as factors that create suspicion (although these factors may be used as specific suspect descriptions).

(U) NSI Definition of Sabotage/Tampering/ Vandalism: Damaging, manipulating, or defacing part of a facility/infrastructure or protected site.

(U) Note: The Functional Standard, v. 1.5 defines SAR as “official documentation of observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.”

(U) Only Information Sharing Environment (ISE)-SARs that meet the ISE-SAR definition are permitted into the NSI Shared Space. The ISE-SAR definition in the Functional Standard, v. 1.5 is a SAR that is reasonably indicative of criminal activity associated with terrorism.