What must be reported to the counterintelligence and security agency?

Contents show

Cleared contractors must also report actual, probable, or possible espionage, sabotage, terrorism, or subversion promptly to the Federal Bureau of Investigation (FBI) and DCSA (NISPOM 1-301).

What does Defense counterintelligence and security agency do?

The Defense Counterintelligence and Security Agency provides industrial security engagement and counterintelligence support to secure the trustworthiness of the U.S. government’s workforce, contract support, technologies, services, and supply chains.

Who should you report insider threat to?

Who should you report an insider threat to? If you are not affiliated with the government as an employee, military member or contractor and find yourself in a position where you believe you need to report an insider threat, you would contact your local law enforcement or the Federal Bureau of Investigation (FBI).

What are counterintelligence threats?

“Counter-intelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, …

How do I report a spy?

Report suspicious activity by calling 1-877-4FPS-411 (1-877-437-7411).

Why would I get a letter from Department of Defense Counterintelligence and Security Agency?

Industrial security letters (ISLs) are issued as necessary to inform cleared contractors for whom the Department of Defense is the Cognizant Security Agency, Government contracting activities, and DoD Components, of developments relating to the National Industrial Security Program.

IT\'S INTERESTING:  What does a Secure Boot do?

What does a counterintelligence investigator do?

As a Counterintelligence Special Agent, you’ll conduct investigations, collect and process forensic and physical evidence to identify and detect foreign intelligence and international terrorist threats, and plan the appropriate countermeasures to neutralize them.

Which of the following issues must be referred to counterintelligence and/or law enforcement?

Feedback: While unusual work hours, financial problems, and alcohol abuse may present a concern to be addressed by the Insider Threat Program, criminal activity must be referred to counterintelligence or law enforcement. Definition 1 of 5.

What are some reportable behavioral indicators?

Reportable Behaviors/Indicators of Distress

  • Experiencing a marked decline in academic performance?
  • Demonstrating disruptive, erratic or disturbing behavior?
  • Showing dramatic changes in appearance, behavior, or weight?
  • Making disturbing comments in conversation, e-mail, letters, papers, or social media postings?

What is hostile intelligence collection method?

Number of potential victims. What hostile intelligence collection method is the process of obtaining military, political, commercial, or secret information by spies, secret agents, or illegal monitoring devices? Mr. Foley, a civil service worker on Joint Base Andrews, has access to classified material.

What is another word for counterintelligence?

Hypernym for Counterintelligence:

security intelligence, counterespionage, countersubversion, censorship, counter-sabotage, security review, censoring.

Is taking pictures suspicious activity?

The behaviors it described as inherently suspicious included such innocuous activities as photography, acquisition of expertise, and eliciting information.

What is a suspicious contact?

A Suspicious Contact is an encounter in which someone, regardless of nationality, illicitly attempts to obtain access to sensitive or classified information. This includes preliminary efforts, which may not be distinguishable from the normal development of professional or personal relationships.

What federal agency does background checks?

DCSA conducts background investigations for 95% of the federal government, including 105 departments and agencies. Additionally, DCSA adjudicates 70% of the federal government’s adjudicative determinations.

What is the difference between intelligence and counterintelligence?

Intelligence is the center or foundation in the development of suggested courses of action through gathering all relevant information. Counterintelligence is the exerted efforts made by the intelligence organizations to keep their enemy organizations from gathering information against them.

Is Army counterintelligence law enforcement?

As federal law enforcement officers who are issued badge and credentials, they have apprehension authority and jurisdiction in the investigation of national security crimes committed by Army personnel including treason, spying, espionage, sedition, subversion, sabotage or assassination directed by foreign governments/ …

What is a reportable cyber incident?

Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include. Attempts to gain unauthorized access to a system or its data, Unwanted disruption or denial of service, or. Abuse or misuse of a system or data in violation of policy.

What is the role of reporting in counterintelligence and threat awareness?

If you suspect you may have been targeted, report it immediately. Recognizing and reporting indicators is critical to disrupting CI threats and mitigating risks. Reporting allows us to share and address risks together.

Which of the following is are examples of suspicious indicators related to insider threats?

Five Malicious Insider Threat Indicators and How to Mitigate the Risk

  • Unusual logins.
  • Use or repeated attempted use of unauthorized applications.
  • An increase in escalated privileges.
  • Excessive downloading of data.
  • Unusual employee behavior.
IT\'S INTERESTING:  Are protection dogs dangerous?

Which of the following is considered an insider threat?

An insider threat is a category of risk posed by those who have access to an organization’s physical or digital assets. These insiders can be current employees, former employees, contractors, vendors or business partners who all have — or had — authorized access to an organization’s network and computer systems.

What are red flags that someone has become a malicious insider threat?

Monitor the Red Flags that May Indicate Insider Threats

Working outside scheduled work hours. Logging in from different locations or devices at different times. Copying large amounts of information to removable drives or emailing it to non-company email addresses. Making excessive negative comments about the …

Which of the following is not an indicator of an insider threat?

Alcohol or substance abuse or dependence is not an indicator of potential for insider threat.

What is the final stage of the intelligence process?


The last step, which logically feeds into the first, is the distribution of the finished intelligence to the consumers, the same policymakers whose needs initiated the intelligence requirements. Finished intelligence is hand-carried daily to the President and key national security advisers.

What is the 5 cycle of intelligence?

The stages of the intelligence cycle include the issuance of requirements by decision makers, collection, processing, analysis, and publication (i.e., dissemination) of intelligence.

What is offensive counterintelligence?

Offensive Counterintelligence (Deception) consists of attempting to turn enemy agents into double agents or giving them false or misleading information once they have been identified in hopes that these agents will report the information back to their home nation.

What are counterintelligence activities?

The term ‘counterintelligence’ means information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist …

What triggers a suspicious activity report?

If potential money laundering or violations of the BSA are detected, a report is required. Computer hacking and customers operating an unlicensed money services business also trigger an action. Once potential criminal activity is detected, the SAR must be filed within 30 days.

What are suspicious transactions?

Any transaction or dealing which raises in the mind of a person involved, any concerns or indicators that such a transaction or dealing may be related to money laundering or terrorist financing or other unlawful activity.

What’s the law on taking photos without permission?

There is no law preventing people from taking photographs in public. This includes taking photos of other people’s children. If you are taking photographs from private land, you need to have the land owner’s permission.

Is recording a First Amendment right?

California. A growing consensus of courts have recognized a constitutional right to record government officials engaged in their duties in a public place. This First Amendment right to record generally encompasses both video and audio recording.

IT\'S INTERESTING:  Does free Bitdefender protect against spyware?

What is counterintelligence analysis?

Counterintelligence: CI Analysis

Counterintelligence can be described as activities designed to prevent or thwart spying, intelligence gathering, and sabotage by an enemy or other foreign entity. This guide provides books, articles, reports, websites, and videos on the subject.

What do they check for security clearance?

The security clearance process typically includes a FBI reference check of former employers, coworkers, friends, neighbors, landlords, and schools along with a review of credit, tax, and police records.

Can family members affect security clearance?

Under national security adjudicative guidelines family members or cohabitants living with you who are engaging in criminal activity can pose a risk to your ability to obtain or retain a security clearance.

What is the difference between a background check and a background investigation?

Background investigations are much more in-depth than background checks and are often conducted to look into a person’s past to determine who they really are.

Which comes first intelligence or investigation?

Since intelligence deals with the future it often yields multiple acceptable answers. Hence an investigation focuses on past events while intelligence focuses on future events. They all so differ in that investigations yield only one answer while intelligence produces multiple results.

What are the five functions of counterintelligence?

The five mission objectives outline key activities required to identify, detect, exploit, disrupt, and neutralize FIE and insider threats and to safeguard our national assets, including cyberspace.

Are Army counterintelligence agents federal agents?

Military and civilian personnel trained and appointed to conduct counterintelligence investigations and operations are credentialed and titled as Counterintelligence Special Agents (occasionally referred to simply as “CI” or “Army Intelligence Agents”), and carry badge and credentials identifying their status as …

What are the 5 levels of security clearance?


  • 3.2.1 Controlled Unclassified.
  • 3.2.2 Public Trust Position.
  • 3.2.3 Confidential.
  • 3.2.4 Secret.
  • 3.2.5 Top Secret.
  • 3.2.6 Compartmented.

Which of the following are cybersecurity incidents that must be reported?

There are many types of cybersecurity incidents that could result in intrusions on an organization’s network:

  • Unauthorized attempts to access systems or data.
  • Privilege escalation attack.
  • Insider threat.
  • Phishing attack.
  • Malware attack.
  • Denial-of-service (DoS) attack.
  • Man-in-the-middle (MitM) attack.
  • Password attack.

What is counterintelligence awareness and reporting for DOD?

The Counterintelligence (CI) Awareness Program’s purpose is to make DOD and Industry Security personnel aware of their responsibility to report unusual activities or behaviors and various threats from foreign intelligence entities, other illicit collectors of US defense information, and/or terrorists.

What is a reportable foreign contact?

a. Contact reporting is required if there is continuing association with known foreign nationals that involve bonds of affection, personal obligation, or intimate/sexual contact.

What makes someone a malicious threat?

A: Malicious threats intend to do you harm. Malignant threats are threats that are always present.

What is example of internal threat?

Common methods include ransomware, phishing attacks, and hacking. Internal threats originate within the organization itself and usually are carried out by a current and former employee, a contractor, a business associate, etc. Insider attacks can be malicious or inadvertent.