Chemical Sector Intelligence

I ran across an interesting document at PublicIntelligence.net, a sort of Wikileaks-lite that publishes a wide variety of unclassified but restricted distribution documents; documents marked with FOUO (for official use only) for example. This one purportedly came from the Colorado Information Analysis Center. The “Signs of Terrorism: Chemical Sector” is, basically a standard two-page flyer describing the types of suspicious activity that might suggest the possible preparation for an attack on a chemical facility or an attempt to gain access to weapon precursor chemicals. I would like to think that the CIAC has distributed this flyer to chemical manufacturing and distribution facilities through out the state.

The interesting thing about this document is that it includes abstracts from what were apparently suspicious activity reports submitted to law enforcement agencies in Colorado. The abstracts have been sanitized to avoid giving facility identifiable information (though one example should be readily recognizable by anyone who follows the national news). The illustrative SARS summaries are pretty well selected and are relatively recent.

I only have two minor negative comments about the incidents used to illustrate the indicators. First the incident used to explicate the ‘Elicitation’ indicator could be fleshed out some to show why it was a suspicious inquiry rather than a rather typical first call from a potential new customer. Next the second incident used for ‘Supplies’ could have been better used for ‘Impersonation’ which has no example provided.

Intelligence Reports

These five SAR summaries are great examples of the kind of intelligence information that could be provided to chemical facilities across the country; high-risk chemical facilities in the CFATS program in particular. I would expect that a little additional information would be used to flesh out the information. Even if subsequent investigations showed that the incidents were totally innocent (and most will turn out that way, such is the life of an intel analyst) the information could serve as an exemplar of the type information that facilities should be routinely reporting.

Even innocent incidents have good intelligence value. If for example the first facility ‘investigated’ by the Greenpeace ‘security inspection team’ had turned in a SAR about the visit, followed up by an explanation of what the folks were actually doing, it would have made the next facility security manager’s job that much easier when they showed up there. The investigation of ‘suspicious people taking pictures’ would quickly change into a ‘no problem just those Greenpeace folks’; a situation of no concern to security guards, just plant management. It would help decrease tension by presenting the security staff with a known and understood situation.

Chemical Sector Fusion Center

I doubt that the people at ISCD have the excess manpower or specialists available to produce such intelligence reports. I’m not even sure that they have set up a mechanism for security managers at CFATS facilities to submit such reports to a central agency or whether they would just go to the local Joint Terrorism Task Force or the local police intelligence unit (or just the cop on the beat?). While the JTTF would love to receive these reports, they may not have some one with the chemical expertise to recognize the significance of some of the reports. The disappearance of a gallon of thiobisenthanol (a precursor for a form of mustard agent) might not raise terrorism alarm bells, for example, at the local fusion center.

What is really necessary is the formation of a fusion center with the expertise to collect and evaluate SAR’s related to chemicals and chemical facilities. They could produce the kinds of intelligence reports that would be of special interest to the chemical security community. These would include the types of SARS summaries discussed above, but also intelligence products that would identify specific threats to specific areas of the chemical community. Their work could help to inform the efforts of chemical security inspectors and to provide technical information and support to police and JTTF investigations.

Signs of Terrorism are FOUO?

The Seven Signs of Terrorism (Colorado forgot to mention ‘Dry Run’ and ‘Deploying Assets’) are a well known and publicly available program to get people to get people to report suspicious activity. I suspect that the folks in CIAC marked this document ‘FOUO’ because of the SARS report summary information that was included. This is typical of the over-classification problem that afflicts most intelligence related information.

But let’s get serious here. There is nothing in this flyer that should cause any intelligence collection manager to think twice about the potential disclosure of intelligence assets or collection methods/technology. Putting the ‘FOUO’ markings on this will ensure that some of the people who need to see this (everyone that works at or around a chemical facility) will not get to because of someone took the vague classification overly seriously. Additionally, it will make some paranoid activist (not all activists are paranoid, nor are all paranoids activists) sure that they were included in a SAR because they were taking pictures of chlorine railcars and are thus marked for life.

People need to take a hard look at their markings of documents such as this. Additionally, every organization (like CIAC) should have someone whose job it is to remove excessive markings from documents. It will make information sharing easier and make documents that actually require restricted distribution more likely to receive that protection.