Quick Incident Reference Guide for Critical Infrastructure Owners and Operators

Our colleagues at DHS have recently published a new reference guide on threat information sharing.  As part of that lengthier document, ASDWA has extracted certain elements that states should find useful.  You may download the complete reference guide at https://www.dhs.gov/publication/ci-threat-info-sharing-framework.
Report Threats and Incidents…

  • In an emergency, call 9-1-1, report suspicious activity and threats to federal facilities at 1-877-437-7411
  • Contact your local law enforcement agency
  • Report through your organization’s appropriate internal reporting process
  • Directly report non-emergency threats and incidents to your nearest FBI field office at https://www.fbi.gov/contact-us/field
  • Report threats and crime online at https://www.fbi.gov/report-threats-and-crime
  • Report suspicious activity involving chemical, biological, or radiological materials, by calling (toll-free) 1-855-TELL-FBI (1-855-835-5324)
  • Report an online scam or email hoax by filing a complaint online with the Internet Crime Complaint Center at http://www.ic3.gov/complaint/default.aspx or by using the online Tips and Public Leads form at https://tips.fbi.gov/
  • Provide information on select major cases by calling the Major Case Contact Center at 1-800-CALL-FBI (1-800-225-5324)

Report Suspected or Known Cyber Incidents…

  • Contact the National Cybersecurity and Communications Integration Center (NCCIC) at https://www.dhs.gov/about-national-cybersecurity-communications-integration-center, nccic@hq.dhs.gov, or 1-888-282-0870
  • Contact the nearest FBI Field Office: http://www.fbi.gov/contact-us/field
  • See a two-page page summary on Cyber Incident Reporting, including when, what, and how to report cyber incidents to the Federal Government (directed towards law enforcement, but also relevant to critical infrastructure owners and operators): https://dhs.gov/sites/default/files/publications/Law Enforcement Cyber Incident Reporting.pdf

Report Physical Infrastructure Incidents…
·         Email the National Infrastructure Coordinating Center (NICC) at NICC@hq.dhs.gov or call (202) 282-9201
·         Contact your sector’s Information Sharing and Analysis Organization (ISAO) or Information Sharing and Analysis Center (ISAC), and/or Sector-Specific Agency (SSA)
Receive Threat Information Relevant to Your Sector:  There are a variety of ways to receive threat information. Critical infrastructure owners and operators will likely want to connect with more than one of the entities listed below to establish an ongoing information-sharing relationship. The ones best suited for your organization may depend on your needs, capabilities, and interests, but the following are suggested starting points.

  • Contact your local law enforcement agency
  • Contact your nearest FBI Field Office https://www.fbi.gov/contact-us/field (see FBI Field Offices entity description on page 23 for more information)
  • Join the Homeland Security Information Network – Critical Infrastructure (HSIN-CI) https://www.dhs.gov/hsin-ci   Join a Regional Consortium Coordinating Council (RC3) member organization in your area —Membership application and links to Council members: http://RC3US.org
  •  Join InfraGard—Membership application and access to InfraGard’s Secure Web Portal: http://www.infragard.org. Join your sector’s or region’s ISAO or your sector’s ISAC
  • Contact your nearest State or major urban area fusion center and ask for a briefing, or establish an information-sharing relationship
  •  Find your nearest fusion center: http://www.dhs.gov/contact-fusion-centers and connect with the fusion center’s liaison officer for private sector outreach
  • Contact your SSA or Sector Coordinating Council (SCC). For charters and information on the sectors for Sector Coordinating Councils and Government Coordinating Councils, see https://www.dhs.gov/critical-infrastructure-partnership-advisory-council

Access Threat Prevention and Protection Related Training and Exercises…

  • See https://www.dhs.gov/critical-infrastructure-training for a wide array of free training designed to improve the knowledge and skills needed to implement critical infrastructure security and resilience activities, including active shooter and improvised explosive device preparedness
  • Free online Suspicious Activity Reporting (SAR) training for the private sector and other hometown security partners is available at https://nsi.ncirc.gov/training_online.aspx
  • Contact your nearest FBI field office, which has outreach coordinators in each of its 56 field offices. For more information about the FBI’s Community Outreach, visit https://www.fbi.gov/about-us/partnerships_and_outreach/community_outreach and https://www.fbi.gov/about/partnerships/office-of-partner-engagement/active-shooter-incidents
  • Contact your nearest fusion center, nearest DHS Office of Infrastructure Protection’s Protective Security Advisor (PSA), Sector ISAC, or Sector Coordinating Council (SCC) for more opportunities