Interagency Threat Assessment and Coordination Group
I N T E L L I G EN EN C E G U I D E F OR F I R S T R E S P O N D ER S
Legal Disclaier Nothing in this handbook shall be construed to impair or otherwise affect the authority granted by law to a department or agency, or the head thereof. Additionally, the handbook is not intended to, and does not, create any right
or benet, substantive or procedural, enforceable at law or in equity, by any party against the United States, its departments, agencies or entities, its
ofcers, employees, or agents, or any other person.
i
Table of ConTenTs
I
II
GENERAL 1
Introducon
5
What is Intelligence? 8
The Intelligence Community
10
The Intelligence Cycle
12
Categories of Finished Intelligence
HOW TO 17
Handling of “Controlled Unclassied Informaon”
21
Security Clearances
25
What Intelligence Can and Cannot Do
ii
III
29
Intelligence Products Typically Available to First Responders
35
Accessing Intelligence Community Products
41
Understanding Threat Informaon
49
Understanding Esmave Language
REFERENCE 55
Intelligence Community Terminology
85
Intelligence Community Acronyms and Abbreviaons
ITaCG:
intelligence guide for first responders
SECTION
I
General
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
01 InTroduCTIon
n o i t c u d o r t n i
2
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
InTroduCTIon This Interagency Threat Assessment and Coordinaon Group (ITACG) Intelligence Guide for First Responders is designed to assist state, local, tribal law enforcement, reghng, homeland security, and appropriate private sector personnel in accessing and understanding Federal counterterrorism, homeland security, and weapons of mass destrucon intelligence reporng. Most of the informaon contained in this guide was compiled, derived, and adapted from exisng Intelligence Community and open source references. The ITACG consists of state, local, and tribal rst responders and federal intelligence analysts from the Department of Homeland Security and the Federal Bureau of Invesgaon, working at the Naonal Counterterrorism Center (NCTC) to enhance the sharing of federal counterterrorism, homeland security, and weapons of mass destrucon informaon with state, local, and tribal consumers of intelligence.
3
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t r o d u c t i o n
Fig.1 - Current and former members of the ITACG Detail; clockwise from the top: New Jersey State Police, Seale Fire Department, Federal Bureau of Invesgaon, Boston Police Department, Illinois State Po lice, Phoenix Police Department (2007-2008), Six Naons Tuscarora, Las Vegas Police Department, Department of Homeland Security, DC Metropolitan Police (2008-2009)
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
05 WhaT Is InTellIGenCe ?
n o i t c u d o r t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
6
WhaT Is
InTellIGenCe?1
“Intelligence is the product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations. The term is also applied to the activity which results in the product and to the organizations engaged in such activity.” 22 June 2007 edition of Joint Pub 2-0, Joint Intelligence There
are
sIx
basIC InTellIGenCe sourCes
2
:
Signals Intelligence (SIGINT) is derived from the exploitaon of foreign electronic emissions. SIGINT can be in the form of the actual informaon content of a signal or in the form of its temporal and spectral characteriscs called signal operang parameters. SIGINT includes both the raw data and the analysis product of that data. SIGINT breaks down into four sub disciplines: Electronic Intelligence (ELINT), Communicaons Intelligence (COMINT), Foreign Instrumentaon Signals Intelligence (FISINT), and weapons-related Command and Control Signals (PROFORMA). Imagery Intelligence (IMINT) is a product that is the result of processing and exploing raw imagery (informaon) and creang an analyzed product (intelligence). An image alone is only informaon in the form of pixels, digits, or other forms of graphic representaon and the data behind that portrayal. When studied for content with an understanding of portrayal, imaging processes, and the place, objects and me captured by that process, or through comparison to other images and consideraon in light of other informaon or intelligence, imagery intelligence (IMINT) can be created.
7
Measurement and Signature Intelligence (MASINT) is scienc and technical intelligence informaon obtained by quantave and qualitave analysis of data (metric, angle, spaal, wavelength, me dependence, modulaon, plasma, and hydromagnec) derived from spe cic technical sensors for the purpose of idenfying any disncve features associated with the source, emier, or sender and to facilitate subsequent idencaon and/or measurement of the same. Human-Source Intelligence (HUMINT) is intelligence derived from human beings who may act as both sources and collectors, and where the human is the primary collecon instrument. This includes all forms of intelligence gathered by humans, from direct reconnaissance and obser-
vaon to the use of recruited agents. HUMINT may also encompass interrogaon techniques, including the process of quesoning detainees conducted in compliance with U.S. law and regu laon, internaonal law, execuve orders, and other operaonally specic guidelines. HUMINT can provide a wide range of informaon which includes but is not limited to adversary plans and intenons, deliberaons and decisions, research and development goals and strategies, doctrine, leadership, polical or military relaonships, weapons systems, physical and cultural infrastructure, and medical condions. HUMINT can oen collect informaon that is dicult or somemes impossible to collect by other, more technical, means. Open-Source Intelligence (OSINT) is unclassied informaon of potenal intelligence value that is available to the general public. Geospaal Intelligence (GEOINT) is the intelligence derived from the exploitaon of imagery and geospaal informaon to describe, assess, and visually depict physical features and geo graphically referenced acvies on the Earth.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t r o d u c t i o n
e c n e g i l l e t n i s i t a h w
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
8
The
InTellIGenCe
CommunITy
3
“The United States intelligence effort shall provide the President, the National Security Council, and the Homeland Security Council with the necessary information on which to base decisions concerning the development and conduct of foreign, defense and economic policy, and the protection of United States national interests from foreign security threats. All departments and agencies shall cooperate fully to fulfill this goal.” Executive Order 12333 The Intelligence Community (IC) is a federaon of execuve branch agencies and organizaons that work separately and together to conduct intelligence acvies necessary for the conduct of foreign relaons and the protecon of the naonal security of the United States. These acvies include: • Collecon of informaon needed by the president, the Naonal Security Coun -
• •
• • •
cil, the Secretaries of State and Defense, and other Execuve Branch ocials for the performance of their dues and responsibilies; Producon and disseminaon of intelligence; Collecon of informaon concerning, and the conduct of acvies to protect against, intelligence acvies directed against the U.S., internaonal terrorist and internaonal narcocs acvies, and other hosle acvies directed against the U.S. by foreign powers, organizaons, persons, and their agents. Special acvies; Administrave and support acvies within the U.S. and abroad necessary for the performance of authorized acvies; and Such other intelligence acvies as the President may direct from me to me.
9
The Intelligence Community (IC) refers to those agencies and organizaons involved in intelligence acvies: 4 • Air Force Intelligence • Army Intelligence • Central Intelligence Agency (CIA) • Coast Guard (USCG) • Defense Intelligence Agency (DIA) • Department of Energy (DoE) Oce of Intelligence • Department of Homeland Security (DHS), Oce of Intelligence
and Analysis • Department of State Bureau of Intelligence and Research (INR) • Department of the Treasury (DoT), Treasury Oce of Terrorism
and Financial Intelligence • Oce of the Director of Naonal Intelligence (ODNI) • Drug Enforcement Administraon (DEA), Oce of Naonal
Security Intelligence • Federal Bureau of Invesgaon (FBI), Naonal Security Branch • Marine Corps Intelligence • Naonal Geospaal-Intelligence Agency (NGA) • Naonal Reconnaissance Oce (NRO) • Naonal Security Agency (NSA) • Naval Intelligence
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| w h a t i s i n t e l l i g e n c e
e c n e g i l l e t n i s i t a h w
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
10
The
InTellIGenCe
CyCle
5
The intelligence cycle is the process of developing raw informaon into nished intelligence for policymakers, military commanders, and other consumers to use in decision-making and acons. Five steps constute the intelligence cycle: 1. Planning and Direcon: Establishing the intelligence requirements of the policymakers – the President, the Naonal Security Council, military commanders, and other ocials in major departments and governmental agencies. 2. Collecon: Gathering of raw data from which nished intelligence is pro duced. There are six basic intelligence sources, or collecon disciplines: a. b. c. d. e. f.
Signals Intelligence (SIGINT) Imagery Intelligence (IMINT) Measurement and Signature Intelligence (MASINT) Human-Source Intelligence (HUMINT) Open-Source Intelligence (OSINT) Geospaal Intelligence (GEOINT)
3. Processing and Exploitaon: Conversion of large amounts of data to a form suitable for the producon of nished intelligence; includes transla ons, decrypon, and interpretaon of informaon stored on lm and mag nec media through the use of highly rened photographic and electronic processes.
11
4. Analysis and Producon: Integraon, evaluaon, and analysis of all avail able data and the preparaon of a variety of intelligence products, including mely, single-source, event-oriented reports and longer term, all-source, nished intelligence studies. 5. Disseminaon: Delivering the products to consumers who request them. Some intelligence informaon is sent directly to consumers, usually by electronic means, because it is self-explanatory. More oen, analysts check informaon to see how it relates to other informaon they have received. They evaluate the informaon and make comments. When informaon has been reviewed and correlated with informaon available from other sources, it is called nished intelligence.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| w h a t i s i n t e l l i g e n c e
e c n e g i l l e t n i s i t a h w
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
12
CaTeGorIes of fInIshed InTellIGenCe 6 There are ve categories of nished intelligence available to the consumer of intelligence: 1. Current intelligence addresses day-to-day events, seeking to apprise consumers of new developments and related background, to assess their signicance, to warn of their near-term consequences, and to signal potenally dangerous situaons in the near future. Current intelligence is presented in daily, weekly, and some monthly publicaons, and frequently in ad hoc wrien memorandums and oral briengs to senior ocials. 2. Esmave intelligence looks forward to assess potenal developments that could aect U.S. naonal security. Like all kinds of intelligence, esmave intelligence starts with the available facts, but then explores the unknown, even the unknowable. Esmave intelligence helps policymakers to think strategically about long-term threats by discussing the implicaons of a range of possible outcomes and alternave scenarios. Naonal Intelligence Esmates, which are esmave reports produced by the Naonal Intelligence Council, are the Director of Naonal Intelligence’s (DNI) most authoritave wrien assessments of naonal security issues.
13
3. Warning intelligence sounds an alarm or gives noce to policymakers. It connotes urgency and implies the potenal need for policy acon in response. Warning includes idenfying or forecasng events that could cause the engagement of U.S. military forces, or those that would have a sudden and deleterious eect on U.S. foreign policy concerns (for example, coups, third-party wars, refugee situaons). Warning analysis involves exploring alternave futures and low probability/high impact scenarios. The Naonal Intelligence Ocer (NIO) for Warning serves as the DNI’s and the IC’s principal adviser on warning. All agencies and intelligence stas have designated warning components, and some have specic warning responsibilies. 4. Research intelligence is presented in monographs and in-depth studies by virtually all agencies. Research underpins both current and esmave intelligence.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| w h a t i s i n t e l l i g e n c e
e c n e g i l l e t n i s i t a h w
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
14
5. Scienc and technical intelligence includes informaon on technical developments and characteriscs, performance, and capabilies of foreign technologies including weapon systems or subsystems. This informaon is derived from analysis of all-source data, including technical measurements. Generally, such technical analysis and reporng responds to specic naonal requirements derived from the weapons acquision process, arms control negoaons, or military operaons. It covers the enre spectrum of sciences, technologies, weapon systems, and integrated operaons. This type of intelligence is provided to consumers via in-depth studies, detailed system handbooks, execuve summaries, focused assessments and briefs, and automated databases.
ITaCG:: ITaCG
intelligence guide for first responders
SECTION
II
hoW To
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
17 handlInG of “ConTrolled unClassIfIed InformaTIon”
n o i t a m r o f n i
18
” y
l n o e s u l a i c i f f o r o f
handlInG
“CONTROLLED
“
uNCLASSIFIED INFORmATION”
|
Controlled Unclassied Informaon (CUI) is a categorical designaon that refers to unclassied informaon that does not meet the standards for Naonal Security Classicaon under Execuve Order 12958, as amended, but is pernent to the naonal interests of the United States or to the important interests of enes outside the Federal Government, and under law or policy requires protecon from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or disseminaon. CUI includes many caveats, such as “FOR OFFICIAL USE ONLY” (FOUO).
g n i l d n a h s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
7
Informaon labeled FOUO should be safeguarded, and withheld from public release 8 unl approved for release by the originang agency.
FOUO is not a classicaon, but a disseminaon control marking. It is used to idenfy unclassied informaon of a sensive nature, not otherwise categorized by statute or regulaon, the unauthorized disclosure of which could adversely impact a person’s privacy or welfare, the conduct of Federal programs, or other programs or operaons essenal to the naonal interest.
19
Disseminaon of FOUO is restricted to persons with “need-to-know.” Need-to-know is dened as the determinaon made by an authorized holder of informaon that a prospecve recipient requires access to specic informaon in order to perform or assist in the lawful and authorized governmental funcon, i.e., access is required for the performance of ocial dues. Typical FOUO requirements include: 1.
FOUO informaon will not be disseminated in any manner – orally, visually, or electronically – to unauthorized personnel.
2.
The holder of the informaon will comply with access and disseminaon restricons.
3.
Ensure the recipient of FOUO has valid need-to-know, and that precauons are taken to prevent unauthorized individuals from overhearing the conver saon, observing the materials, or otherwise obtaining the informaon.
Many government agencies use the FOUO caveat, but other caveats, such as, LAW ENFORCEMENT SENSITIVE (LES), and OFFICIAL USE ONLY (OUO), are also used. In many instances the requirement for safeguarding this informaon is equivalent; however, these agencies may have addional requirements concerning the safe guarding of sensive informaon.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| h a n d l i n g
“
f o r o f f i c i a l u s e o n l y
”
i n f o r m a t i o n
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
21 seCurITy ClearanCes
s e c n a r a e l c y t i r u c e s
22
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
seCurITy
ClearanCes 9
Most informaon needed by state, local, and tribal rst responders can be shared at an unclassied level. In those instances where it is necessary to share classied informaon, it can usually be accomplished at the Secret level. State and local ocials who require access to classied material must apply for a security clearance through FBI or DHS. The process involves compleng a Quesonnaire for Naonal Security Posions, subming ngerprints, and undergoing a background invesgaon. Records checks for Secret and Top Secret security clearance are mandated by Presidenal Execuve Order (EO). The EO requires these procedures in order for a security clearance to be granted and they cannot be waived. 1. Secret Clearances: A Secret security clearance may be granted to those persons who “need-to-know” naonal security informaon, classied at the Condenal or Secret level. A Secret security clearance takes the least amount of me to process.
23
2.
Top Secret Clearances: A Top Secret clearance may be granted to those persons who “need-to-know” naonal security informaon, classied up to the Top Secret level, and who need unescorted access to sensive facilies, when necessary. a. In addion to all the requirements at the Secret level, a background invesgaon, covering a 10-year me period, is required. b. Once favorably adjudicated for a Top Secret security clearance, the candidate will be required to sign a Non-Disclosure Agreement.
For addional informaon, visit hp://www.i.gov/clearance/securityclearance.htm or contact your local FBI Field Oce.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| s e c u r i t y c l e a r a n c e s
PIC OF SCALE
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
25 WhaT InTellIGenCe Can and CannoT do
o d t o n n a c d n a n a c e c n e g i l l e t n i t a h w
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
26
WhaT InTellIGenCe
Can (and CannoT)
do
10
Intelligence informaon can be an extremely powerful tool. It is most useful when the consumer has a clear understanding of what intelligence can and cannot do. While laws, policies, capabilies, and standards are constantly changing, these general guidelines can help consumers make the most of this resource.
Can do: Intelligence informaon can
1. WhaT InTellIGenCe provide valuable services, such as:
• Providing decision advantage, by improving the decision-making of consumers and partners while hindering that of our enemies. • Warning of potenal threats. • Insight into key current events. • Situaonal awareness. • Long-term strategic assessments on issues of ongoing interest. • Assistance in preparaon for senior-level meengs that include naonal security-related subjects. • Pre-travel security overviews and support. • Reports on specic topics, either as part of ongoing reporng or upon request for short-term needs. • Compiling U.S. Government knowledge on persons of interest.
27
CannoT
do: Realisc expectaons 2. WhaT InTellIGenCe will help the consumer ll their intelligence needs. Some things that intel ligence cannot do include:
• Predict the future. Intelligence can provide assessments of likely scenarios or developments, but there is no way to predict what will happen with certainty. • Violate U.S. law. The acvies of the IC must be conducted consistent with all applicable laws and execuve orders, to include the Naonal Security Act of 1947, as amended, the Foreign Intelligence Surveillance Act, the Intelligence Reform and Terrorism Prevenon Act (IRTPA), the Privacy Act of 1974, the Detainee Treatment Act, Homeland Security Act of 2002, as amended, Execuve Order 12333, and the Military Commission Act.
All acvies of the IC are subject to extensive and rigorous oversight both within the Execuve Branch and by the Legislave Branch, as required by the Naonal Security Act of 1947, as amended.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| w h a t i n t e l l i g e n c e c a n a n d c a n n o t d o
o d t o n n a c d n a n a c e c n e g i l l e t n i t a h w
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
28
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
29 InTellIGenCe P roduCTs TyPICally avaIlable To fIrsT r esPonders
s r e d n o p s e r t s r i f o t e l b a l i a v a y l l a c i p y t s t c u d o r p e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
30
ProduCTs TyPICally avaIlable To fIrsT resPonders 11 InTellIGenCe
The following types of products can be found on a variety of classied and unclassied systems, including FBI’s Law Enforcement Online (LEO), and DHS’s Homeland Secure Informaon Network-Intelligence (HSIN-I) via the Internet, and NCTC Online-SECRET (NOL-S) via secret level systems, such as FBI Network (FBINet), Homeland Secure Data Network (HSDN), Joint Deployable Intelligence Support System (JDISS), and Secure In ternet Protocol Routed Network (SIPRNet). 1. Sitational Awareness and Threat Reporting: These are breaking news events to chief execuves and command centers with state, local, and tribal law enforcement agencies via HSIN-I, LEO, text messaging, or e-mail. These reports are oen produced jointly by DHS and FBI. 2. Inforation Report: These are specially formaed messages transmit ted electronically, which enable the mely disseminaon of unevaluated intelligence within the Intelligence Community and law enforcement. The informaon conveyed in these products may be non-specic or fragmentary and simply constute suspicious acvity, but sll be of intelligence value. These products include:
a. IIR (Intelligence Informaon Report) b. HIR (Homeland Informaon Report)
31
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
|
3. Intelligence Assessent (IA): Finished intelligence products resulng from the intelligence analysis process. Assessments may address taccal, strategic, or technical intelligence requirements. 4. Threat Assessent (TA) or Special Assessent (SA): Provides in-depth analysis related to a specic event or body of threat reporng. 5. Intelligence Blletin (IB): Finished intelligence products used to dissemi nate informaon of interest, such as signicant developments and trends, to the intelligence and law enforcement communies in an arcle format. An IB does not address threat warning informaon. 6. Joint Intelligence Assessent (IA) or Intelligence Blletin (IB): Assessments or bullens which are wrien jointly by two or more IC agen cies (dual or mulple seals). These products may address the same types of requirements as Intelligence Assessments or Intelligence Bullens. These joint products may be formaed dierently than single seal versions, de pending on the format agreed to by parcipang agencies.
i n t e l l i g e n c e p r o d u c t s t y p i c a l l y a v a i l a b l e t o f i r s t r e s p o n d e r s
s r e d n o p s e r t s r i f o t e l b a l i a v a y l l a c i p y t s t c u d o r p e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
32
7. Other Reports: These include intelligence summaries and briefs produced daily, which cover current counterterrorism, homeland security, and WMDrelated informaon. Examples include:
a. Roll Call Release: The Roll Call Release is a collaborave FOUO-only product developed by DHS, FBI, and the ITACG. The product is wrien specically for state, local, and tribal rst responders, and focuses on terrorist taccs, techniques, procedures; terrorism trends; and indicators of suspicious acv ity. The product is wrien on an ad hoc basis, is focused on one subject, and ts on one page. These products are posted on HSIN-I and LEO. b. Terrorism Summary (TERRSUM): The TERRSUM is a SECRET collateral digest of terrorism-related intelligence of interest to Federal and non-Federal law enforcement, security and military personnel. Produced Monday through Friday, the TERRSUM includes terrorism-related intelligence available to NCTC and other Intelligence Community elements. The product is posted on NOL-S.
notes
_____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| n o t e s
s t c u d o r p y t i n u m m o c e c n e g i l l e t n i g n i s s e c c a
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
35 aCCessInG InTellIGenCe CommunITy ProduCTs
s t c u d o r p y t i n u m m o c e c n e g i l l e t n i g n i s s e c c a
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
36
aCCessInG
InTellIGenCe
CommunITy ProduCTs
12
Classied and unclassied intelligence can be accessed by rst responders through mulple systems and websites. In some cases an account is required, while other mes all that is needed is access to a specic computer network. Many of these sources of informaon only require that an individual perform homeland security or law enforcement acvies on behalf of a state, local, or tribal government; a few require security clearances and access to secure systems.
1. unClassIfIed InTellIGenCe ProduCTs a. Homeland Security Informaon Network – Intelligence (HSIN-I): HSIN-I is an ocial government informaon sharing and electronic communicaons portal. It provides DHS, FBI, NCTC, other federal and non-federal intelligence products at the FOUO level. Accounts are available to federal, state, local, and tribal personnel performing homeland security or law enforcement dues. HSIN-I can be accessed from any computer system with an Internet connecon. Access is by invitaon only. i. Website: hps://hsin-intel.dhs.gov ii. Access: Contact the helpdesk at 1-877-624-3771 or e-mail
[email protected] for sponsor contact informaon. Sponsors for state, local, and tribal can be contacted through the State and Local Fusion Centers.
37
b. Law Enforcement Online (LEO) : LEO can be accessed from any computer system with an Internet connecon. It is an ocial government informaon sharing and electronic communicaons portal. LEO provides FBI, joint FBI-DHS, NCTC, and non-federally produced intelligence products at the FOUO level. Accounts are available to federal, state, local, and tribal personnel performing homeland security or law enforcement dues and personnel from foreign law enforcement agencies. i. Website: hp://www.leo.gov ii. Access: Go to hp://www.leo.gov, click on the “LEO Membership Criteria” and then click on the “LEO User Applicaon”, or contact LEO Helpdesk at 1-888-334-4536, or e-mail
[email protected]. c. Intelink-U : Intelink-U is the Intelligence Community’s “Sensive but Unclassied” (SBU) informaon sharing network. Content is provided by the Intelligence Community, other government agencies, foreign partners, academia, and open sources. Accounts are available to individuals with federal, state, local, and tribal homeland security and law enforcement responsibilies. i. Website: hps://www.intelink.gov ii. Access: Go to hps://www.intelink.gov, click on “Sign In”, and proceed to “New Account Registraon”. d. Regional Informaon Sharing Systems Network (RISSNET): RISSNET facilitates informaon sharing within the law enforcement community to combat mul-jurisdiconal criminal acvies and conspiracies. It is composed of six mul-state intelligence centers (RISS Intelligence Centers). Membership comprises federal, state, local, and tribal law enforcement agencies. Access is requested through the regional RISS Intelligence Centers.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| a c c e s s i n g i n t e l l i g e n c e c o m m u n i t y p r o d u c t s
s t c u d o r p y t i n u m m o c e c n e g i l l e t n i g n i s s e c c a
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
38
i. Website: hp://www.riss.net ii. Contact informaon available at hp://www.riss.net/Centers.aspx. e. DHS Technical Resources for Incident Prevenon (TRIPwire): TRIPwire is a secure informaon sharing network for law enforcement, bomb squads, and other rst responders. Content consists of current terrorist bombing taccs, techniques, and procedures. i. Website: hps://www.tripwire-dhs.net ii. Access: Apply online at hps://www.tripwire-dhs.net. f. Federal Protecve Service Portal (FPS Portal): The FPS Portal is a compi laon of FOUO products for law enforcement and rst responders. i. Website: hps://fps.esportals.net ii. Access: For membership contact
[email protected] or 877-624-3771. g. Open Source Center (OSC): OSC contains open source reporng, analysis, and translaons of foreign policy and naonal security issues. Accounts are available to individuals with federal, state, and local homeland security and counterterrorism responsibilies. i. Website: hp://www.opensource.gov ii. Access: Apply online at hp://www.opensource.gov.
39
2. seCreT InTellIGenCe ProduCTs a. NCTC Online-SECRET (NOL-S): NOL-S can be accessed from any SECRET U.S. Government informaon system (HSDN, FBINet, JDISS, or SIPRNet). i. Website: hps://nol.nctc.sgov.gov ii. Access: Authorized access to HSDN, FBINet, JDISS, or SIPRNet is the only requirement. b. Oce of Intelligence and Analysis (OI&A) Webpage, DHS: The OI&A homepage can be accessed from any SECRET U.S. Government informaon system (HSDN, FBINet, JDISS, or SIPRNet). i. Website: hp://dhs.csp.sgov.gov ii. Access: Authorized access to HSDN, FBINet, JDISS, or SIPRNet is the only requirement. c. FBINet: The FBI intranet can only be accessed from an FBINet computer. i. Website: hp://intranet.inet.i ii. Access: Authorized access to an FBINet system. d. FBI Intelink/SIPRNet: Can be accessed from any SECRET U.S. Government informaon system (HSDN, FBINet, JDISS, or SIPRNET). i. Website: hp://www.i.sgov.gov ii. Access: Authorized access to HSDN, FBINet, JDISS, or SIPRNET is the only requirement.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| a c c e s s i n g i n t e l l i g e n c e c o m m u n i t y p r o d u c t s
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
41 undersTandInG ThreaT InformaTIon
n o i t a m r o f n i t a e r h t g n i d n a t s r e d n u
42
undersTandInG InformaTIon
ThreaT
13
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
A raw intelligence report, alert, warning, or nocaon is a message that provides mely disseminaon of unevaluated intelligence within the U.S. intelligence, federal law enforcement, and state, local, tribal and private sector communies. This is informaon that individuals or organizaons need in order to make decisions. The informaon may be nonspecic or fragmentary and simply constute suspicious acvity but sll be of intelligence value.
1. CrITerIa: The Intelligence Community uses the following criteria to understand threat informaon: a. Access: Addresses the ability of the source to obtain the informaon. Some common levels of source access are: i. Direct Access: The intelligence source has direct knowledge of the intelligence fact reported or appears to be in the direct contact with those personally involved or knowledgeable. ii. Indirect Access: Some distance between the source and origin of the informaon. The intelligence source is reporng informaon obtained at one or more steps removed from those with rst-hand knowledge.
43
iii. Excellent Access: High-level access to informaon due to the source’s involvement in the event; source may have learned the informaon from the decision maker or from a source document. iv. Good Access: Suggests credible but no direct access to the informaon. Perhaps the source obtained the informaon from a sub-source with excellent access or from a sub-source with a proven reporng record.
b. Chain of Acquision: Addresses source relaonships and potenal changes in the informaon as it passes from one person to another. The longer the chain of acquision (the more people who obtained and relayed the infor maon) the more likely the informaon changed, aecng the accuracy of the informaon. c.
Credibility: Refers to the extent to which something is believable. This term is commonly used with reference to sources of evidence, to evidence itself, and to hypotheses based on evidence. The term reliability is somemes used as a synonym for credibility, but this causes dicules. Reliability is just one aribute of the credibility of certain forms of evidence. The credibility of sources of evidence is both context and me dependent. A person or a sensor may be more credible regarding certain events and at certain mes but not so credible regarding other events or at other mes.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| u n d e r s t a n d i n g t h r e a t i n f o r m a t i o n
n o i t a m r o f n i t a e r h t g n i d n a t s r e d n u
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
44
d. Reliability: A criteria of credibility applied to the primary source provides a likelihood that the most recent reporng can be assessed to be an accurate representaon of the events reported based on the past performance of the source. An analyst’s judgment on the intelligence source for a parcular report. i. Reliable: Established reporng record judged to be accurate. i. “Source has reported reliably in the past” ii. “Source has reported reliably over 1-10+ years” ii. Uncertain: Limited reporng record and/or some uncertainty as to the reli ability of the source or sources: “Reporng reliability cannot be conrmed.” iii. Unknown: Previously unreported source.
45
2. sourCe
CaTeGorIes: The Intelligence Community assesses the source of the informaon to assist in understanding threat informaon. The following terms are commonly used in describing sources:
a. Contact: Unilateral contacts who provide informaon voluntarily and in condence, but for whom a formal relaonship has not been established: “A contact with (direct/indirect/good/excellent ) access who spoke in condence. This is the rst reporng from source, reliability cannot be determined.“ b. Collaborave Source: Newly established sources with whom a formal rela onship has recently been established. The reliability statement is based on a combinaon of the quanty and quality of the source’s reporng: “A collaborave source with (direct/indirect/good/excellent ) access (some/much/ all ) of who’s reporng has been corroborated over the past two years.” c. Established Source: Sources with which a relaonship has been estab lished and, if revealed, would possibly endanger his/her status, reputa on, or security. The reliability statement is based on a combinaon of the quanty and quality of the source’s reporng: “An established source with (direct/indirect/good/excellent ) access (some/much/all ) of who’s reporng has been corroborated over the past two years.”
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| u n d e r s t a n d i n g t h r e a t i n f o r m a t i o n
n o i t a m r o f n i t a e r h t g n i d n a t s r e d n u
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
46
d. Walk-in/Call-in/Write-in: A previously unknown individual who makes contact with an ocial U.S. person, installaon, or website and volunteers his/her informaon, with or without requesng some form of assistance in return. Examples: i.
“A write-in to an ocial U.S. Government website. The informaon was conveyed in wring, via email or other form of correspondence.” ii. “A write-in to an ocial government agency. The informaon was conveyed in wring, via email or other form of correspondence.” iii. “A walk-in to an ocial government agency. The informaon was conveyed in a face-to-face manner.” iv. “A call-in to an ocial government agency. The informaon was conveyed telephonically.” e. Sensive Source: A source, which if compromised, might reduce the abil ity to use the source in support of future collecon acvies: “A sensive source with excellent access.”
47
3.
addITIonal sourCe sTaTemenT examPles :
a. “Source obtained the informaon from a reliable sub-source with direct access.” b. “Source obtained the informaon from a sub-source whose reporng record has not been established.” c. “Source was aware that his informaon would reach the U.S. Government and may have intended his remarks to inuence as well as to inform.” d. “The veracity of this source’s informaon is seriously doubted but is being reported here because of the nature of the threat discussed.” e. “The informaon was provided by the source who spoke in condence and without the knowledge of his government’s superiors. The informaon may not be discussed with any foreign government ocials, especially those of the source’s government.” f. “The informaon provided in this report may have been intended to inuence as well as to inform.”
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| u n d e r s t a n d i n g t h r e a t i n f o r m a t i o n
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
49 undersTandInG esTImaTIve lanGuaGe
e g a u g n a l e v i t a m i t s e g n i d n a t s r e d n u
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
50
undersTandInG esTImaTIve
lanGuaGe 14 When the Intelligence Community uses words such as “we judge” or “we assess”— terms that are used synonymously—as well as “we esmate,” “likely” or “indicate,” the Intelligence Community is trying to convey an analycal assessment or judgment. These assessments, which are based on incomplete or at mes fragmentary informaon, are not a fact, proof, or knowledge. Some analycal judgments are based directly on collected informaon; others rest on assessments that serve as building blocks. In either type of judgment, the Intelligence Community does not have “evidence” that shows something to be a fact or that denively links two items or issues. Intelligence judgments pertaining to likelihood are intended to reect the Community’s sense of the probability of a development or event.
51
The Intelligence Community does not intend the term “unlikely” to imply that an event will not happen. It uses “probably” and “likely” to indicate that there is a greater than even chance. The Intelligence Community uses words such as “we cannot dismiss,” “we cannot rule out,” and “we cannot discount” to reect an unlikely—or even remote—event whose consequences are such that it warrants menoning. Words such as “may be” and “suggest” are used to reect situaons in which the Intelligence Community is unable to assess the likelihood generally because relevant informaon is nonexistent, sketchy, or fragmented. In addion to using words within a judgment to convey degrees of likelihood, the Intelligence Community also ascribes “high,” “moderate,” or “low” condence levels based on the scope and quality of informaon supporng its judgments.
1. “hIGh ConfIdenCe” generally indicates that the Intelligence Community’s judgments are based on high-quality informaon and/or that the nature of the issue makes it possible to render a solid judgment.
2. “moderaTe ConfIdenCe” generally means that the informaon is interpreted in various ways, that the Intelligence Community has alternave views, or that the informaon is credible and plausible but not corroborated suciently to warrant a higher level of condence.
3. “loW ConfIdenCe” generally means that the informaon is scant, quesonable or very fragmented and it is dicult to make solid analyc inferences, or that the Intelligence Community has signicant concerns or problems with the sources.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| u n d e r s t a n d i n g e s t i m a t i v e l a n g u a g e
s e t o n
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
notes
______________________________________________________ ______________________________________________________ __________________________________________________________________ _________________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ ___________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ ___________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________
ITaCG:
intelligence guide for first responders
SECTION
III
r eferenCe
54
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
55 InTellIGenCe CommunITy TermInoloGy
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
56
InTellIGenCe CommunITy
TermInoloGy 15 The following terminology is not exhausve, but contains the terms which are likely to be encountered by rst responders reading intelligence material. While there may be other denions for these terms, the denions used in this guide were selected to be the most relevant to our intended audience.
57
a Aconable: (1) Informaon that is directly useful to customers for immediate exploi taon without having to go through the full intelligence producon process; it may address strategic or taccal needs, close support of US negoang teams, or acon elements dealing with such maers as internaonal terrorism or narcocs. (2) Intelligence and informaon with sucient specicity and detail that explicit responses to prevent a crime or terrorist aack can be implemented. Access: The means, ability, or permission to approach, enter, or use a resource. All-Source Intelligence: Intelligence informaon derived from any or all of the intelligence disciplines, including SIGINT, HUMINT, IMINT, MASINT, OSINT, and GEOINT. Analysis: The process by which people transform informaon into intelligence; sys temac examinaon in order to idenfy signicant facts, make judgments, and draw conclusions.
b Basic Intelligence: Fundamental intelligence concerning the general situaon, resources, capabilies, and vulnerabilies of foreign countries and areas that may be used as reference material in the planning of operaons at any level and in evaluang subsequent informaon relang to the same subject. Behaviors: Observable acons one uses to achieve results.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
58
C Case Ocer: A professional employee of an intelligence organizaon who is respon sible for providing direcon for an agent operaon. Clandesne Acvity: An acvity that is usually extensive, goal-oriented, planned, and executed to conceal the existence of the operaon. Only parcipants and the agency sponsoring the acvity are intended to know about the operaon. “Storefront” operaons, “sngs,” and certain concentrated undercover invesgaons can be classied as clandesne acvies. Classicaon: The determinaon that ocial informaon requires, in the interest of naonal security, a specic degree of protecon against unauthorized disclosure, coupled with a designaon signifying that such a determinaon has been made; the designaon is normally termed a security classicaon and includes Condenal, Secret, and Top Secret. Collaon (of informaon): A review of collected and evaluated informaon to deter mine its substanve applicability to a case or problem at issue and placement of useful informaon into a form or system that permits easy and rapid access and retrieval. Collecon (of informaon): The idencaon, locaon, and recording/storing of informaon—typically from an original source and using both human and technological means—for input into the intelligence cycle for the purpose of meeng a dened taccal or strategic intelligence goal. Collecon Plan: The preliminary step toward compleng an assessment of intelligence requirements to determine what type of informaon needs to be collected, alterna ves for how to collect the informaon, and a meline for collecng the informaon.
59
Communicaons Intelligence (COMINT): The capture of informaon, either encrypted or in “plaintext,” exchanged between intelligence targets or transmied by a known or suspected intelligence target for the purposes of tracking communicaons paerns and protocols (trac analysis), establishing links between intercommunicang pares or groups, and/or analysis of the substanve meaning of the communicaon. Conclusion: A denive statement about a suspect, acon, or state of nature based on the analysis of informaon. Condenal: Informaon which if made public could be expected to cause damage to naonal security. Consumer: The user of nished intelligence. Coordinaon: The process of interrelang work funcons, responsibilies, dues, resources, and iniaves directed toward goal aainment. Counterintelligence: Informaon gathered and acvies conducted to idenfy, deceive, exploit, disrupt, or protect against espionage, other intelligence acvies, sabotage, or assassinaons conducted for or on behalf of foreign powers, organizaons, or persons, or their agents, or internaonal terrorist organizaons or acvies. Counterterrorism: Oensive measures taken to prevent, deter, and respond to a terrorist act, or the documented threat of such an act. Covert: Planned and executed to conceal the collecon of informaon and/or the identy of any ocer or agent parcipang in the acvity. Intelligence operaons conducted in secrecy.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
60
Crical Infrastructure Informaon: Informaon not customarily in the public domain and related to the security of crical infrastructure or protected systems— (1) actual, potenal, or threatened interference with, aack on, compromise of, or incapacitaon of crical infrastructure or protected systems by either physical or computer-based aack or other similar conduct (including the misuse of or unauthorized access to all types of communicaons and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety; (2) the ability of any crical infrastructure or protected system to resist such interference, compromise, or incapacitaon, including any planned or past assessment, projecon, or esmate of the vulnerability of crical infrastructure or a protected system, including security tesng, risk evaluaon thereto, risk management planning, or risk audit; or (3) any planned or past operaonal problem or soluon regarding crical infrastructure or protected systems, including repair, recovery, re construcon, insurance, or connuity, to the extent it is related to such interference, compromise, or incapacitaon.” Homeland Security Act of 2002, as amended. Cryptanalysis: The process of deciphering encrypted communicaons of an intelligence target. Cryptography: The creaon of a communicaons code/encrypon system for communicaon transmission with the intent of precluding the consumpon and interpretaon of one’s own messages. Cryptology: The study of communicaons encrypon methods that deal with the de velopment of “codes” and the “scrambling” of communicaons in order to prevent the intercepon of the communicaons by an unauthorized or unintended party. Current Intelligence: Intelligence of all types and forms of immediate interest to the users of intelligence; it may be disseminated without complete evaluaon, interpreta on, analysis, or integraon.
61
d Deconicon: The process or system used to determine whether mulple law en forcement agencies are invesgang the same person or crime and which provides nocaon to each agency involved of the shared interest in the case, as well as providing contact informaon. This is an informaon and intelligence sharing process that seeks to minimize conicts between agencies and maximize the eecveness of an invesgaon. Deducve Logic: The reasoning process of taking informaon and arriving at conclusions from within that informaon. Deployment: The short-term assignment of personnel to address specic naonal security-related problems or demands. Disseminaon (of Intelligence): The process of eecvely distribung analyzed intelli gence ulizing certain protocols in the most appropriate format to those in need of the informaon to facilitate their accomplishment of organizaonal goals. Downgrade: The process of eding or otherwise altering intelligence materials, informaon, reports, or other products to conceal and protect intelligence sources, methods, capabilies, analycal procedures, or privileged informaon in order to permit wider distribuon. (see Sanizaon)
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
62
e Essenal Elements of Informaon (EEI) : Items of intelligence informaon essenal for mely decisions and for enhancement of operaons that relate to foreign powers, forces, targets, or the physical environments. (see Priority Intelligence Requirement (PIR)) Esmate: (1) An analysis of a situaon, development, or trend that idenes its major elements, interprets the signicance, and appraises the future possibilies and the prospecve results of the various acons that might be taken. (2) An appraisal of the capabilies, vulnerabilies, and potenal courses of acon of a foreign naon or combinaon of naons in consequence of a specic naonal plan, policy, decision, or contemplated course of acon. (3) An analysis of an actual or contemplated clandesne operaon in relaon to the situaon in which it is or would be conducted in order to idenfy and appraise such factors as available and needed assets, potenal obstacles, accomplishments, and consequences. Esmave Intelligence: A category of intelligence that aempts to project prob able future foreign courses of acon and developments and their implicaons for U.S. interests; it may or may not be coordinated and may be naonal or departmental intelligence. Evaluaon: An appraisal of the worth of an intelligence acvity, informaon, or product in terms of its contribuon to a specic goal. All informaon collected for the intel ligence cycle is reviewed for its quality with an assessment of the validity and reliability of the informaon.
63
Exploitaon: The process of obtaining intelligence informaon from any source and taking advantage of it for intelligence purposes.
f
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
|
Field Intelligence Group (FIG): The centralized intelligence component in a Federal Bureau of Invesgaon eld oce that is responsible for the management, execuon, and coordinaon of intelligence funcons within the eld oce region. Finished Intelligence: (1) The product resulng from the collecon, processing, integraon, analysis, evaluaon, and interpretaon of available informaon concerning foreign countries or areas. (2) The nal result of the producon step of the intelligence cycle; the intelligence product. Foreign Intelligence Surveillance Act (FISA): The FISA of 1978 prescribes procedures for the physical and electronic surveillance and collecon of “foreign intelligence informaon” between or among “foreign powers” on territory under United States control. FISA is codied in 50 U.S.C. §§1801-1811, 1821-29, 1841-46, and 1861-62. The Act was amended by the USA PATRIOT Act of 2001, primarily to include terrorism by groups that are not specically backed by a foreign government. For Ocial Use Only (FOUO) : A disseminaon control marking used to idenfy unclassied informaon of a sensive nature, not otherwise categorized by statute or regulaon, the unauthorized disclosure of which could adversely impact a person’s privacy or welfare, the conduct of Federal programs, or other programs or operaons essenal to the naonal interest.
i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
64
Freedom of Informaon Act (FOIA): The Freedom of Informaon Act, 5 U.S.C. 552, enacted in 1966, statutorily provides that any person has a right, enforceable in court, to access federal agency records, except to the extent that such records (or porons thereof) are protected from disclosure by one of nine exempons or three exclusions. Fusion Center: The place where law enforcement, public safety, and private sector partners can come together with a common purpose and improve the ability to safe guard our homeland and prevent criminal acvity. A collaborave eort of two or more agencies that provide resources, experse, and/or informaon to the center with the goal of maximizing the ability to detect, prevent, apprehend, and respond to criminal and terrorism acvity.
G Geospaal: Describes any data containing coordinates dening a locaon on the earth’s surface. Geospaal Intelligence: Describes the combinaon of spaal soware and analy cal methods with terrestrial and geographic datasets (imagery and geodec, terrain elevaon, hydrographic, topographic, and aeronaucal data). The analysis and visual representaon of security related acvies on the earth. Granularity: Considers the specic details and pieces of informaon, including nuances and situaonal inferences, which constute the elements on which intelligence is developed through analysis.
65
h Highside: Jargon for top secret government computer systems. Homeland Security Advisory System: Designed to guide DHS protecve measures when specic informaon to a parcular sector or geographic region is received. It combines threat informaon with vulnerability assessments and provides communica ons to public safety ocials and the public. The system includes: • Homeland Security Threat Advisories contain aconable informaon about an incident involving, or a threat targeng, crical naonal networks, infrastructures, or key assets. • Homeland Security Informaon Bullens communicate informaon of interest to the naon’s crical infrastructures that do not meet the meliness, specicity, or signicance thresholds of warning messages. • Color-coded Threat Level System is used to communicate with public safety ocials and the public at-large through a threat-based, color-coded system so that protecve measures can be implemented to reduce the likelihood or impact of an aack. There are ve levels: Low, Guarded, Elevated , High, and Severe. Hypothesis (from Criminal Intelligence Analysis): An interim conclusion regarding persons, events, and/or commodies based on the accumulaon and analysis of intelligence informaon that is to be proven or disproved by further invesgaon and analysis.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
66
I Imagery Intelligence (IMINT): includes representaons of objects reproduced elec tronically or by opcal means on lm, electronic display devices, or other media. Imag ery can be derived from visual photography, radar sensors, infrared sensors, lasers, and electro-opcs. Indicaons and Warning (I&W): Those intelligence acvies intended to detect and report me-sensive intelligence informaon on developments that could involve a threat to U.S. or Allied military, polical, or economic interests, or to U.S. cizens abroad. Indicator: Generally dened and observable acons that, based on an analysis of past known behaviors and characteriscs, collecvely suggest that a person may be com ming, preparing to commit, or has commied an unlawful act. Inducve Logic: The reasoning process of taking diverse pieces of specic informaon and inferring a broader meaning of the informaon through the course of hypothesis development. Inference Development: The creaon of a probabilisc conclusion, esmate, or pre dicon related to an intelligence target based upon the use of inducve or deducve logic in the analysis of raw informaon related to the target. Informant: An individual not aliated with a law enforcement agency who provides informaon about criminal behavior to a law enforcement agency. An informant may be a community member, a businessperson, or a criminal informant who seeks to protect himself/herself from prosecuon and/or provide the informaon in exchange for payment.
67
Informaon: Pieces of raw, unanalyzed data that idenfy persons, evidence, or events or illustrate processes that indicate the incidence of a criminal event or witnesses or evidence of a criminal event. Informaon Sharing Environment: As stated in the Informaon Sharing Environment Implementaon Plan, “informaon sharing environment” and “ISE” mean an approach that facilitates the sharing of terrorism informaon. [IRTPA 1016(a)(2)] The ISE is to provide and facilitate the means for sharing terrorism informaon among all appropri ate Federal, State, local, and tribal enes, and the private sector through the use of policy guidelines and technologies. [Extracted from IRTPA 1016(b)(2)] To the greatest extent praccable, the ISE is to provide the funconal equivalent of or otherwise sup port a decentralized, distributed, and coordinated environment. Informaon Sharing System: An integrated and secure methodology, whether computerized or manual, designed to eciently and eecvely distribute crical infor maon about oenders, crimes, and/or events in order to enhance prevenon and apprehension acvies by law enforcement. Intelligence Analyst: A professional posion in which the incumbent is responsible for taking the varied facts, documentaon of circumstances, evidence, interviews, and any other material related to a crime and organizing them into a logical and related framework for the purposes of developing a criminal case, explaining a criminal phenomenon, describing crime and crime trends and/or preparing materials for court and prosecuon, or arriving at an assessment of a crime problem or crime group. Intelligence Acvity: A generic term used to encompass any or all of the eorts and endeavors undertaken by intelligence organizaons, including collecon, analysis, producon, disseminaon, and covert or clandesne acvies.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
68
Intelligence Agency: A component organizaon of the Intelligence Community. Intelligence Community: A federaon of Execuve Branch agencies and organizaons that work separately and together to conduct intelligence acvies necessary for the conduct of foreign relaons and the protecon of the naonal security of the U.S.. These organizaons are (in alphabecal order): Air Force Intelligence, Army Intel ligence, Central Intelligence Agency, Coast Guard Intelligence, Defense Intelligence Agency, Department of Energy, Department of Homeland Security, Department of State, Department of the Treasury, Director of Naonal Intelligence, Drug Enforcement Administraon, Federal Bureau of Invesgaon, Marine Corps Intelligence, Naonal Geospaal-Intelligence Agency, Naonal Reconnaissance Oce, Naonal Security Agency, and Navy Intelligence. Intelligence Cycle: The steps by which informaon is converted into intelligence and made available to users. The cycle has been described as including ve steps: planning and direcon; collecon; processing and exploitaon; analysis and producon; and disseminaon. Intelligence Informaon: Unevaluated material that may be used in the producon of intelligence. Intelligence Assessment: Refers to longer, oen detailed intelligence products; en compasses most analycal studies dealing with subjects of policy signicance. Intelligence Bullen: Refers to shorter, oen less detailed intelligence products which focus on a parcular incident.
69
Intelligence Esmate: An analysis of a situaon, development, or trend that idenes its major elements, interprets the signicance, and appraises the future possibilies and the prospecve results of the various acons that might be taken. Intelligence-Led Policing: The dynamic use of intelligence to guide operaonal law enforcement acvies to targets, commodies, or threats for both taccal responses and strategic decision making for resource allocaon and/or strategic responses. Intelligence Mission: The role that the intelligence funcon of an agency fullls in support of the overall mission of the agency; it species in general language what the funcon is intended to accomplish. Intelligence Needs: Intelligence requirements not being addressed in current intel ligence acvies. Intelligence Ocer: A professional employee of an intelligence organizaon. Intelligence Products: Reports or documents that contain assessments, forecasts, as sociaons, links, and other outputs from the analyc process. Intelligence Requirement: Any subject, general or specic, upon which there is a need for the collecon of intelligence informaon or the producon of intelligence.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
70
J Joint Regional Informaon Exchange System (JRIES): A subscriber-supported ana lycal and resource system for local, state, and federal law enforcement, with an inter face to the U.S. Department of Defense, that provides secure sensive but unclassied real-me informaon with databases, e-mail, media studies, threat reporng, analyc tools, and mapping and imagery tools.
|
s r e d n o p s e r t s r i f
K
r o f e d i u g e c n e g i l l e t n i
Known or Suspected Terrorist Terrorist: Pursuant to Homeland Security Presidenal Direcve 6 (HSPD-6), a known or suspected terrorist is an individual “known or appropriately suspected to be or have been engaged in conduct constung, in preparaon for, in aid of, or related to terrorism.”
l Law Enforcement Sensive (LES): Unclassied informaon originated by the FBI that may be used in criminal prosecuon and requires protecon against unauthorized disclosure to protect sources and methods, invesgave acvity, evidence, and the integrity of pretrial invesgave reports. Low Side: Jargon for non non-top -top secret computer system; can be used to refer to unclassi ed or secret-level systems.
71
m Measurement and Signature Intelligence (MASINT): Technically derived intelli gence data other than imagery and SIGINT. The data results in intelligence that locates, idenes, or describes disncve characteriscs of targets. It employs a broad group of disciplines including nuclear, opcal, radio frequency, acouscs, seismic, and materials sciences. Methods: These are the methodologies (e.g., electronic surveillance or undercover operaons) of how crical informaon is obtained and recorded.
n Naonal Counterterrorism Center (NCTC): NCTC serves as the primary organizaon in the United States Government for integrang and analyzing all intelligence pertain ing to terrorism possessed or acquired by the United States Government (except purely domesc terrorism); serves as the central and shared knowledge bank on terrorism informaon; provides all-source intelligence support to government-wide counterter rorism acvies; establishes the informaon technology (IT) systems and architectures within the NCTC and between the NCTC and other agencies that enable access to, as well as integraon, disseminaon, and use of, terrorism informaon. Naonal Security: Measures adopted by the government of a naon in order to as sure the safety of its cizens, guard against aack, and prevent disclosure of sensive or classied informaon which might threaten or embarrass said naon.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
72
Naonal Security Intelligence: The collecon and analysis of informaon concerned with the relaonship and equilibrium of the United States with foreign powers, or ganizaons, and persons with regard to polical and economic factors, as well as the maintenance of the United States’ sovereign principles. Network: A structure of interconnecng components designed to communicate with each other and perform a funcon or funcons as a unit in a specied manner. No Fly: An individual not allowed on commercial ights due to terrorism concerns. No-Fly List: A list created and maintained by the U.S. Government to keep known or suspected terrorists o commercial ights.
o Open Source: Informaon of potenal intelligence value that is available to the gen eral public. Open-Source Intelligence (OSINT): Publicly available informaon appearing in print or electronic form including radio, television, newspapers, journals, the Internet, com mercial databases, and videos, graphics, and drawings. Operaonal Intelligence: Informaon is evaluated and systemacally organized on an acve or potenal target, such as groups of or individual criminals, relevant premises, contact points, and methods of communicaon. This process is developmental in nature wherein there are sucient arculated reasons to suspect criminal acvity. Intelligence acvies explore the basis of those reasons and newly developed informa on in order to develop a case for arrest or indictment.
73
Operaons Security: A systemac, proven process by which a government, organiza on, or individual can idenfy, control, and protect generally unclassied informaon about an operaon/acvity and, thus, deny or migate an adversary’s/competor’s ability to compromise or interrupt said operaon/acvity.
P
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
|
Personally Idenable Informaon: Any informaon that permits the identy of an individual to be directly or indirectly inferred, including other informaon that is linked or linkable to an individual. “Individual” includes, but is not limited to, U.S. cizens, legal permanent residents, and visitors to the U.S. “Informaon” includes any informaon about an individual maintained by an agency, including, but not limited to, educaon, nancial transacons, medical history, and criminal or employment history and informaon which can be used to disnguish or trace an individual’s identy, such as their name, social security number, date and place of birth, mother’s maiden name, biometric records, etc., including any other personal informaon which is linked or linkable to an individual. [See Execuve Oce of the President, Oce of Management and Budget, July 12, 2006, M-06-19]. Plus 1: (1) One addional of something. (2) An individual’s name plus an addional data element (e.g., date of birth, SSN, passport number). Typically used in reference to informaon, beyond an individual’s name, required to conrm an individual’s identy. Policy: The principles and values that guide the performance of a duty. A policy is not a statement of what must be done in a parcular situaon. Rather, it is a statement of guiding principles that should be followed in acvies which are directed toward the aainment of goals.
i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
74
Predicon: The projecon of future acons or changes in trends based on an analysis of informaon depicng historical trends from which a forecast is based. Priority Intelligence Requirement: A priorized informaonal need that is crical to mission success. Privacy (Informaon): The assurance that legal and constuonal restricons on the collecon, maintenance, use, and disclosure of personally idenable informaon will be adhered to by criminal jusce agencies, with use of such informaon to be strictly limited to circumstances where legal process permits use of the personally idenable informaon. Privacy (Personal): The assurance that legal and constuonal restricons on the collecon, maintenance, use, and disclosure of behaviors of an individual, including his/her communicaons, associaons, and transacons, will be adhered to by criminal jusce agencies, with use of such informaon to be strictly limited to circumstances where legal process authorizes surveillance and invesgaon. Privacy Act: The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair infor maon pracces that governs the collecon, maintenance, use, and disseminaon of personally idenable informaon about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which informaon is retrieved by the name of the individual or by some idener assigned to the individual. The Privacy Act requires that agencies give the public noce of their systems of records by publicaon in the Federal Register. The Privacy Act prohibits the disclosure of informaon from a system of records absent the wrien consent of the subject individual, unless the disclosure is pursuant to one of twelve statutory excepons. The Act also provides individuals with a means by which to seek access to and amendment of their records, and sets forth various agency re cord-keeping requirements.
75
Private Sector Partners: As used in the ISE Implementaon Plan, “private sector partners” includes vendors, owners, and operators of products and infrastructures parcipang in the ISE.
Q Qualitave (Methods): Research methods that collect and analyze informaon which is described in narrave or rhetorical form, with conclusions drawn based on the cu mulave interpreted meaning of that informaon. Quantave (Methods): Research methods that collect and analyze informaon which can be counted or placed on a scale of measurement that can be stascally analyzed.
r Raw Data: Bits of data collected which individually convey lile or no useful informaon and must be collated, aggregated, or interpreted to provide meaningful informaon. Raw Intelligence: A colloquial term meaning collected intelligence informaon that has not yet been converted into nished intelligence. Regional Informaon Sharing Systems (RISS): Composed of six regional intelligence centers that provide secure communicaons, informaon sharing resources, and invesgave support to combat muljurisdiconal crime and terrorist threats to local, state, tribal, and federal member law enforcement agencies in all 50 states, the District of Columbia, U.S. territories, Australia, Canada, and England.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
76
Requirements (Intelligence): The types of intelligence operaonal law enforcement elements need from the intelligence funcon within an agency or other intelligenceproducing organizaons in order for law enforcement ocers to maximize protecon and prevenve eorts as well as idenfy and arrest persons who are criminally liable. Responsibility: Reects how the authority of a unit or individual is used and determines whether goals have been accomplished and the mission fullled in a manner that is consistent with the dened limits of authority.
Risk: Dened as the potenal for undesirable outcomes for a given situaon or problem. Risk Assessment: An analysis of a target, illegal commodity, or vicm to idenfy the probability of being aacked or criminally compromised and to analyze vulnerabilies.
77
s Sanizaon: The process of eding or otherwise altering intelligence materials, informaon, reports, or other products to conceal and protect intelligence sources, methods, capabilies, analycal procedures, or privileged informaon in order to permit wider disseminaon. Secret: Informaon which if made public could be expected to cause serious damage to naonal security. Selectee (TSA): An individual who must undergo addional security screening before being permied to board a commercial aircra. Sensive But Unclassied (SBU) Informaon: Informaon that has not been classied by a federal law enforcement agency which pertains to signicant law enforcement cases under invesgaon and criminal intelligence reports which require disseminaon criteria to only those persons necessary to further the invesgaon or to prevent a crime or terrorist act. Sensive Compartmented Informaon (SCI): Classied informaon concerning or derived from intelligence sources, methods, or analycal processes that is required to be handled within formal access control systems established by the Director of Naonal Intelligence.
Sensive Compartmented Informaon Facility (SCIF): An accredited area, room, group of rooms, buildings, or installaon where SCI may be stored, used, discussed, and/or processed.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
78
Signals Intelligence (SIGINT): Intelligence derived from signal intercepts comprising, individually or in combinaon, all communicaons intelligence (COMINT), electronic intelligence (ELINT), and/or foreign instrumentaon signals intelligence (FISINT) Source: A book, statement, person, etc., supplying informaon. From an intelligence perspecve, these are persons (human intelligence or HUMINT) who collect or possess crical informaon needed for intelligence analysis.
|
s r e d n o p s e r t s r i f
Suspicious Acvity Report (SAR): The reporng of suspicious acvity to an appro priate government agency, dened as behavior that may be indicave of intelligence gathering or preoperaonal planning related to terrorism, criminal espionage, or other illicit intenon.
r o f e d i u g e c n e g i l l e t n i
System of Records: Pursuant to the Privacy Act of 1974, a System of Records is a group of any records under the control of any agency from which informaon is retrieved by the name of the individual or by some idenfying number, symbol, or other idener assigned to the individual. The Privacy Act requires each agency to publish noce of its systems of records in the Federal Register. This noce is generally referred to as a system of records noce (SORN).
T Taccal Intelligence: Evaluated informaon on which immediate enforcement acon can be based; intelligence acvity focused specically on developing an acve case. Target: (1) Any person, organizaon, group, crime or criminal series, or commodity being subject to invesgaon and intelligence analysis. (2) An individual, operaon, or acvity which an adversary has determined possesses informaon that might prove useful in aaining his/her objecve.
79
Target Prole: A prole that is person-specic and contains sucient detail to iniate a target operaon or support an ongoing operaon against an individual or networked group of individuals. Targeng: The idencaon of crimes, crime trends, and crime paerns that have dis cernable characteriscs which make collecon and analysis of intelligence informaon an ecient and eecve method for idenfying, apprehending, and prosecung those who are criminally responsible. Tear-line: Intelligence informaon which has been sanized (removal of sources and methods) in order to distribute this informaon at a lower classicaon. Tear-Line Report: A report containing classied intelligence or informaon that is pre pared in such a manner that data relang to intelligence sources and methods are eas ily removed from the report to protect sources and methods from disclosure. Typically, the informaon below the “tear line” can be released as sensive but unclassied. Terrorism: Premeditated, polically movated violence perpetrated against noncom batant targets by sub-naonal groups or clandesne agents, usually intended to inu ence an audience. Title 22, U.S.C. Secon 265f (d) Terrorist Screening Center (TSC): Established in support of Homeland Security Presidenal Direcve 6 (HSPD-6), dated September 16, 2003, to consolidate the Federal Government’s approach to terrorism screening and provide for the appropriate and lawful use of terrorist informaon in screening processes. The TSC maintains the Feder al Government’s consolidated and integrated terrorist watch list, known as the TSDB.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
80
Terrorist Screening Database (TSDB): The database which contains the consolidated and integrated terrorist watch list maintained by the Federal Bureau of Invesgaon’s Terrorist Screening Center (TSC). The No Fly and Selectee List are components of the TSDB. Third-Agency Rule: An agreement wherein a source agency releases informaon under the condion that the receiving agency does not release the informaon to any other agency—that is, a third agency. Threat: (1) The capability of an adversary coupled with his intenons to undertake any acon detrimental to the interests of the United States. (2) A source of unacceptable risk. Threat Assessment: An assessment of a criminal or terrorist presence within a jurisdicon integrated with an assessment of potenal targets of that presence and a statement of probability that the criminal or terrorist will commit an unlawful act. The assessment focuses on the criminal’s or terrorist’s opportunity, capability, and willing ness to fulll the threat. Top Secret: Informaon which if made public could be expected to cause exceponally grave damage to naonal security.
81
u Unauthorized Disclosure: A communicaon or physical transfer to an unauthorized recipient. Unclassied: Informaon not subject to a security classicaon, i.e., informaon not CONFIDENTIAL, SECRET or TOP SECRET. Although Unclassied informaon is not subject to security classicaon, there may be limits on disclosure. (See Secon 8. Handling of “Controlled Unclassied Informaon.”)
v Validity : Asks the queson, “Does the informaon actually represent what we believe it represents?” Variable: Any characterisc on which individuals, groups, items, or incidents dier. Vet: (1) To subject a proposal, work product, or concept to an appraisal by command personnel and/or experts to ascertain the product’s accuracy, consistency with phi losophy, and/or feasibility before proceeding. (2) To subject informaon or sources to careful examinaon or scruny to determine suitability.
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y t e r m i n o l o g y
y g o l o n i m r e t y t i n u m m o c e c n e g i l l e t n i
82
Vulnerability: Suscepbility to aack, exploitaon, or injury; an inherent weakness or aw. One of three key aspects of determining risk: vulnerability, threat, and impact. Vulnerability Assessment: An assessment of possible criminal or terrorist group targets within a jurisdicon integrated with an assessment of the target’s weaknesses, likelihood of being aacked, and ability to withstand an aack.
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
W Warning : To nofy in advance of possible harm or vicmizaon as a result of informa on and intelligence gained concerning the probability of a crime or terrorist aack.
x
y
Z
notes
_____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| n o t e s
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
: G C a T I
85 InTellIGenCe CommunITy aCronyms & abbrevIaTIons
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
86
InTellIGenCe
aCronyms & abbrevIaTIons 16 CommunITy
The following list is not exhausve, but contains the acronyms and abbreviaons which are likely to be encountered by rst responders reading intelligence material.
87
a AAR: Aer Acon Report ACIC: Army Counterintelligence Center AFIS: Automated Fingerprint Idencaon System AFOSI: Air Force Oce of Special Invesgaons AKA: Also Known As AMCIT: American Cizen AMEMB: American Embassy ANW: Alerts, Nocaons, and Warnings AQ : al-Qa’ida AQIM: al-Qa’ida in the Islamic Maghreb (formerly Salast Group for Preaching and Combat [GSPC]) ATF: Bureau of Alcohol, Tobacco, and Firearms AUC: United Self-Defense Forces of Colombia
b BPA: Border Patrol Agent BW: Biological Warfare
C C: Condenal CBP: U.S. Customs and Border Protecon, DHS CBR: Chemical, Biological and Radiological CBRN: Chemical, Biological, Radiological and Nuclear CBRNE: Chemical, Biological, Radiological, Nuclear and Explosives
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
88
CBT: Computer-Based Training CBW: Chemical and Biological Warfare CDD: Chemical Dispersion Device CI: Counterintelligence CI Poly: Counterintelligence Polygraph CIA: Central Intelligence Agency CIR: Central Intelligence Report CIR: Counterintelligence Report CIS: Bureau of Cizenship and Immigraon Services, DHS CLASS: Consular Lookout and Support System COI: Community of Interest COMINT: Communicaons Intelligence COMSEC: Communicaons Security CONOPS: Concept of Operaons CONUS: Connental U.S. COOP: Connuity of Operaons CT: Counterterrorism CTC: Counterterrorism Center CUI: Controlled Unclassied Informaon
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
d D/CIA: Director Central Intelligence Agency (formerly DCI) DCI: Director of Central Intelligence (now Director of Naonal Intelligence [DNI]) D&D: Denial and Decepon DEA: Drug Enforcement Administraon DHS: Department of Homeland Security
89
DIA: Defense Intelligence Agency DISES: Defense Intelligence Senior Execuve Service DISL: Defense Intelligence Senior Level DNI: Director of Naonal Intelligence (replaces Director of Central Intelligence (DCI)) DOB: Date of Birth DOD: Department of Defense DOE: Department of Energy DOS: Department of State DPOB: Date and Place of Birth DSS: Diplomac Security Service DT: Domesc Terrorism
e EAAQ : East Africa al Qa’ida EEI: Essenal Element of Informaon (now PIR) EIF: Entry into Force ELINT: Electronic Intelligence EO: Execuve Order EPA: Environmental Protecon Agency ETA: Esmated me of arrival ETA: Basque Fatherland and Liberty EWI: Entry without inspecon
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
90
f FAA: Federal Aviaon Administraon FAM: Federal Air Marshal FARC: Revoluonary Armed Forces of Colombia FBI: Federal Bureau of Invesgaon FBIS: Foreign Broadcast Informaon System (now Open Source Center) FCPO: Fusion Center Program Oce FEMA: Federal Emergency Management Agency FGI: Foreign Government Informaon FIG: Field Intelligence Group, FBI FIR: Field Informaon Report FIS: Foreign Intelligence Service FISA: Foreign Intelligence Surveillance Act FNU: First Name Unknown FPO: Federal Protecve Service Ocer FOIA: Freedom of Informaon Act FOUO: For Ocial Use Only FPS: Federal Protecve Service FPU: Force Protecve Unit
G GEOINT : Geospaal Intelligence GIA: Armed Islamic Group GS: General Schedule GWOT: Global War on Terror
91
h HCS: Human Control System HIR: Homeland Informaon Report HITRAC: Homeland Infrastructure Threat and Risk Analysis Center, DHS HSC: Homeland Security Council HSDN: Homeland Secure Data Network HSIN: Homeland Security Informaon Network (DHS web portal) HSIN-I: Homeland Security Informaon Network-Intelligence (DHS web portal) HS-SLIC: Homeland Security State and Local Intelligence Community of Interest HUMINT: Human Intelligence HUM: Harakat ul-Mujahidin
I I&W: Indicaons and Warning IA: Intelligence Assessment IA: Intelligence Analyst IAEA: Internaonal Atomic Energy Agency IBIS: Interagency Border Inspecon System IC: Intelligence Community ICD: Improvised Chemical Device ICD: Intelligence Community Direcve (replaces Director of Central Intelligence Direcves, or DCIDs) ICCD: Improvised Chemical Dispersion Device ICE: U.S. Immigraon and Customs Enforcement, DHS IDENT: Automated Biometric Fingerprint Idencaon System IED: Improvised Explosive Device
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
92
IG: Inspector General IICT: Interagency Intelligence Commiee on Terrorism, NCTC IIR: Intelligence Informaon Report IJU: Islamic Jihad Union IMINT: Imagery Intelligence IMU: Islamic Movement of Uzbekistan INA: Immigraon and Naonality Act IND: Improvised Nuclear Device INFOSEC: Informaon Security INR: Bureau of Intelligence and Research, DOS INTERPOL: Internaonal Police IRT: Incident Response Team IRTPA: Intelligence Reform and Terrorism Prevenon Act of 2004 ISC: Informaon Sharing Council ISE: Informaon Sharing Environment IT: Internaonal Terrorism ITACG: Interagency Threat Assessment and Coordinaon Group, NCTC
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
J JCS: Joint Chiefs of Sta JEM: Jaish-e-Mohammed JI: Jemaah Islamiya JITF-CT: Joint Intelligence Task Force-Combang Terrorism, DIA JRIES: Joint Regional Informaon Exchange System JSA: Joint Special Assessment JTF: Joint Task Force JTTF: Joint Terrorism Task Force JWICS: Joint Worldwide Intelligence Communicaon System
93
K
l LAN: Local Area Network LEA: Law Enforcement Agency LEO: Law Enforcement Ocer LEO: Law Enforcement Online (FBI UNCLASS web portal) LES: Law Enforcement Sensive LIFG: Libya Islamic Fighng Group LNU: Last Name Unknown LPR: Lawful Permanent Resident LT: Lashkar-e Tayyiba LTTE: Liberaon Tigers of the Tamil Eelam
m MANPADS: Man-Portable Air Defense System MASINT: Measurement and Signature Intelligence MEK: Mujahedin-e Khalq MI: Military Intelligence MOA: Memorandum of Agreement MOU: Memorandum of Understanding
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
94
n NAILS: Naonal Automated Immigraon Lookout System NIE: Naonal Intelligence Esmate NCIC: Naonal Crime Informaon Center NCIS: Naval Criminal Invesgave Service NCIX: Naonal Counterintelligence Execuve NCPC: Naonal Counter Proliferaon Center NCR: Naonal Capital Region NCTC: Naonal Counterterrorism Center NFI: No Further Informaon NGA: Naonal Geospaal-Intelligence Agency (formerly NIMA) NIC: Naonal Intelligence Council NIE: Naonal Intelligence Esmate NIO: Naonal Intelligence Ocer NIP: Naonal Intelligence Program NIPF: Naonal Intelligence Priories Framework NIMA: Naonal Imagery and Mapping Agency (now NGA) NJTTF: Naonal Joint Terrorism Task Force NLETS: Naonal Law Enforcement Telecommunicaon System NOC: Naonal Operaons Center, DHS NOFORN: Not Releasable to Foreign Naonals NOIWON: Naonal Operaons and Intelligence Watch Ocers Network NOL: NCTC Online NOL-J: NCTC Online-JWICS NOL-S: NCTC Online-SIPRNET (also NCTC Online-Secret) NRO: Naonal Reconnaissance Oce NSA: Naonal Security Agency
95
NSC: Naonal Security Council NSEERS: Naonal Security Entry-Exit Registraon System NSIS: Naonal Strategy for Informaon Sharing NSTL: Naonal Security Threat List NSTR: Nothing Signicant to Report NSTS: Naonal Secure Telephone System NTM: Naonal Technical Means NTR: Nothing to Report
o OCONUS: Outside the Connental United States ODNI: Oce of the Director of Naonal Intelligence OI&A: Oce of Intelligence & Analysis, DHS OPSEC: Operaons Security ORCON: Originator Controlled Disseminaon OSC: Open Source Center (formerly FBIS) OSINT: Open Source Intelligence OSIS: Open Source Informaon System
P PIR: Priority Intelligence Requirement (formerly EEI) PM-ISE: Program Manager-Informaon Sharing Environment POB: Place of Birth POC: Point of Contact POE: Port of Entry
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
96
PM: Producon Management PNR: Passenger Name Record PPN: Passport Number PSA: Protecve Security Advisor, DHS
Q QJBR: al-Qa’ida in Iraq (Tanzim Qa’idat al-Jihad Bilad al-Radayn)
r RDD: Radiaon Dispersal Device RFI: Request for Informaon RFP: Request for Proposal RISS: Regional Informaon Sharing System RISSNET: Regional Informaon Sharing System Network RO: Reporng Ocer RSO: Regional Security Oce or Ocer
s S:
Secret S&T: Science & Technology S&L: State and Local SA: Situaonal Awareness SA: Special Assessment SAP: Special Access Program
97
SAR: Suspicious Acvity Report SBI: Special Background Invesgaon SBU: Sensive But Unclassied SCI: Sensive Compartmented Informaon SCIF: Sensive Compartmented Informaon Facility SEG: Special Events Group SES: Senior Execuve Service SETA: Special Events Threat Assessment SEVIS: Student Exchange Visitor Informaon System SI: Sensive Informaon SI: Special Intelligence SIA: Supervisory Intelligence Analyst SIO: Supervisory Intelligence Ocer SIOC: Strategic Informaon and Operaons Center, FBI SIPRNET: Secret Internet Protocol Routed Network SIS: Senior Intelligence Service SNIS: Senior Naonal Intelligence Service SOP: Standard Operang Procedure SLAM: SIOC Law Enforcement Alert Messaging STE: Secure Telephone SLFC: State and Local Fusion Center SLT: State, Local, and Tribal SLTP: State, Local, Tribal, and Private Sector STU III: Secure Telephone Unit III SSI: Sensive Security Informaon SSO: Special Security Ocer SME: Subject Maer Expert SVTC: Secure Video Teleconference
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
s n o i t a i v e r b b a d n a s m y n o r c a y t i n u m m o c e c n e g i l l e t n i
98
T TA: Threat Analysis TA: Threat Assessment TD: Teletype Disseminaon TDX: Teletype Disseminaon Sensive TDY: Temporary Duty TECS: Treasury Enforcement Communicaons System TIDE: Terrorist Idenes Data Mart Environment TLO: Terrorism Liaison Ocer TS: Top Secret TSA: Transportaon Security Administraon TSANOF: TSA No Fly List TSASEL: TSA Selectee List TSC: Terrorist Screening Center TSDB: Terrorist Screening Database TSO: Transportaon Security Ocer TSOC: Transportaon Security Operaons Center TS/SCI: Top Secret/Sensive Compartmented Informaon TTP: Taccs, Techniques, and Procedures
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
u U: Unclassied UASI: Urban Areas Security Iniave UBL: Usama Bin Ladin U//FOUO: Unclassied//For Ocial Use Only UI: Unidened UNC: Unclassied
99
UNCLASS: Unclassied UNK: Unknown USA: U.S. Aorney USC: U.S. Cizen USCG: U.S. Coast Guard USDI: Undersecretary of Defense for Intelligence USEMB: U.S. Embassy USIC: U.S. Intelligence Community USPER: U.S. Person
v VBIED: Vehicle Borne Improvised Explosive Device VGTOF: Violent Gang & Terrorist Organizaon File VTC: Video Teleconference VWI: Virtual Walk-In VWP: Visa Waiver Program
W WMD: Weapons of Mass Destrucon
x
y
Z
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| i n t e l l i g e n c e c o m m u n i t y a c r o n y m s a n d a b b r e v i a t i o n s
100
end noTes 1
hp://www.intelink.ic.gov/wiki/Intelligence
2
hp://www.intelink.ic.gov/wiki/Intelligence_Sources_and_Methods
3
hp://www.intelligence.gov/1who.shtml
4
hp://www.intelink.ic.gov/wiki/Intelligence_community
5
hp://www.intelligence.gov/2-business.shtml
6
hp://www.intelligence.gov/2-business.shtml
7
hp://www.archives.gov/cui/
8
DHS MD 11042.1
9
hp://www.i.gov/clearance/securityclearance.htm
10
2009 Naonal Intelligence – a consumer’s guide; hp://www.intelink.ic.gov/wiki/ Intelligence_Community_Customer_Handbook
11
Mulple Sources
12
Mulple Sources
13
FBI Intelligence Informaon Report (IIR) Handbook, 10/23/2006
14
What We Mean When We Say: An Explanaon of Esmave Language
15
Mulple Sources
16
Mulple Sources
notes
_____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| n o t e s
s e t o n
|
s r e d n o p s e r t s r i f r o f e d i u g e c n e g i l l e t n i
notes
______________________________________________________ ______________________________________________________ __________________________________________________________________ _________________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ ___________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ ___________________________________________________________ ____________________________________________________________ ____________________________________________________________ ____________________________________________________________
notes
_____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________
i n t e l l i g e n c e g u i d e f o r f i r s t r e s p o n d e r s
| n o t e s
This docent can also be fond in printable forat at https://hsin-intel.dhs.gov or http://www.leo.gov.