SUSPICIOUS ACTIVITY REPORTING REQUIREMENTS
Date Signed: 10/25/2018 | MARADMINS Number: 613/18
R 251249Z OCT 18
MARADMIN 613/18
MSGID/GENADMIN/CMC WASHINGTON DC PPO PS//
SUBJ/SUSPICIOUS ACTIVITY REPORTING REQUIREMENTS//
REF/A/MSGID: DODI 2000.26/-//
REF/B/MSGID: DODI 2000.12/20030818/-//
REF/C/MSGID: DODI 2000.16/201601117/-//
REF/D/MSGID: MCO 3302.1E/20090308/-//
REF/E/MSGID: MARADMIN 646/13/-//
REF/F/MSGID: MCO 3504.2A/-//
NARR/REF A IS THE DEPARTMENT OF DEFENSE INSTRUCTION ON SUSPICIOUS ACTIVITY REPORTING (SAR). REF B IS DOD AT PROGRAM. REF C IS DOD INSTRUCTION ESTABLISHING AT STANDARDS. REF D IS MARINE CORPS ORDER FOR AT. REF E IS GUIDANCE FOR THE REGISTRATION, TRAINING AND USE OF THE NEW USMC CROSS-ORGANIZATIONAL COMMUNICATION TOOL BASED ON THE NAVY'S EXISTING COMMAND, CONTROL, COMMUNICATION, COMPUTER AND INFORMATION SUITE (C4IS). REF F IS MARINE CORPS ORDER FOR OPERATIONS EVENT/INCIDENT REPORT (OPREP-3) REPORTING.//
POC/JASON TOWLE/CIV/CMC WASHINGTON DC PS/LOC: WASHINGTON DC/TEL: 703-692-4235/DSN: 222-4235/EMAIL/JASON.TOWLE@USMC.MIL//
GENTEXT/REMARKS/1.  Protection programs are critical in the prevention of attacks and protection of the force. Suspicious Activity Reporting (SAR) provides law enforcement with observed behavior that may be indicative of a terrorist or criminal threat. SAR systems enable members of the community to act as the eyes and ears for law enforcement; this in turn enables law enforcement to work with antiterrorism and force protection personnel to ensure the protection of critical assets, which includes personnel. Because of this, it is critical that units and commanders continue to enforce the requirement to report SAR and use programs such as Eagle Eyes (EE), the Marine Corps Suspicious Activity Information Portal (MCSAIP) and eGuardian.
2. Situation.
2.A. The 2017 annual SAR summary identified 320 suspicious activity incidents that had a direct nexus to the Marine Corps. The suspicious activity reports were compiled from the MCSAIP; eGuardian; C4IS; Operations Event/Incident Reports (OPREP-3) and other service/agency reporting when the incident had the potential to impact Marine Corps personnel or facilities. The summary identified that breach/attempted intrusions, expressed/implied threats, and unauthorized or suspicious photography remain the most common incident types and accounted for more than 76 percent of the SAR at USMC facilities during 2017. However, further research revealed not all SAR incidents are being reported correctly.
2.B. This MARADMIN defines and directs the mandatory requirements and timelines to report suspicious activity and the required categories of SAR that must be reported.
3. Mission. Effective the date of publication, commanders will execute the reporting requirements identified in this MARADMIN and ref (a) to identify suspicious activity and protect the force.
4. Execution.
4.A. Commander's Intent. The Marine Corps seamlessly executes SAR requirements to:
4.A.1. Identify and address threats to the USMC at the earliest opportunity.
4.A.2. Implement information-driven and risk-based detection, prevention, deterrence, response, and protection efforts immediately.
4.A.3. Identify individuals involved in terrorism, criminal-related activities, and threats directed against the USMC.
4.A.4. Assist commanders by providing and using criminal intelligence with a terrorist nexus when establishing appropriate force protection conditions.
4.B. Method. Commanders will accomplish this mission through the reporting of suspicious activity utilizing the MCSAIP, eGuardian, C4IS, and OPREP-3 as applicable. Commanders will review internal and external reporting procedures and ensure the provisions of this MARADMIN are properly incorporated.
4.C. End State. The Marine Corps maintains the ability to disrupt multiple actions across the threat spectrum to include: terrorist planning cycles, emerging threats such as unmanned aerial vehicle incursions, homegrown violent extremists' actions and insider threats.
5. Concept of Operations.
5.A. Suspicious activity reporting will be conducted in a way that ensures all suspicious incidents are reported, recorded for future analysis, and shared throughout the Marine Corps protection community. Listed below are descriptions of the USMC SAR tools that are provided to all commands.
5.A.1. Eagle Eyes is the official Marine Corps community awareness SAR program. The program allows anyone to report suspicious activity through the Eagle Eyes website, www.usmceagleeyes.org, or locally designated phone numbers. Individuals can provide detailed information and, when possible, imagery from mobile devices, security cameras, or other imagery capture devices. All EE reports submitted via phone call to the local EE phone number, security personnel, or USMC law enforcement shall be entered into the EE system by the security personnel receiving the report. All reports submitted through the EE website are automatically uploaded into the Marine Corps suspicious activity information portal and analyzed by designated and specially trained personnel.
5.A.2. Marine Corps Suspicious Activity Information Portal (MCSAIP). MCSAIP shall serve as the Marine Corps' official repository of descriptive data on SAR to ensure historical information remains accessible. This will help Marine Corps protection officials detect and analyze suspicious persons and patterns of behavior specific to an area of operations and identify trends across the Marine Corps.
5.A.2.1. Information reported in the MCSAIP is viewable by other Marine Corps commands within the region and any other entity that has a signed information sharing MOU with HQMC, PP and O, PS Division, to help identify suspicious persons or patterns of behavior at multiple locations within a region.
5.A.2.2. Marine Corps Law Enforcement, Mission Assurance, Protection, Intelligence, and Antiterrorism personnel shall use the MCSAIP to report all suspicious incidents as defined in ref (a). At a minimum, the following categories shall be reported in the MCSAIP NLT 6hrs of LE/AT personnel being notified of the event:
5.A.2.2.1. Vehicle and Personnel Breach/Attempted Intrusions. Unauthorized personnel attempting to enter or actually entering perimeter boundaries and interior enclaves.
5.A.2.2.2. Misrepresentation. Presenting false information or misusing insignia, documents, and/or identification to misrepresent one's affiliation as a means of concealing possible illegal activity.
5.A.2.2.3. Theft/Loss/Diversion. Stealing or diverting something associated with a facility/infrastructure or secured protected site (e.g., badges, uniforms, identification, emergency vehicles, technology, or documents (classified or unclassified)), which are proprietary to the facility/infrastructure or secured protected site.
5.A.2.2.4. Sabotage/Tampering/Vandalism. Damaging, manipulating, defacing, or destroying part of a facility/infrastructure or secured protected site.
5.A.2.2.5. Expressed/Implied Threats. Communicating a spoken or written threat to commit a crime that will result in death or bodily injury to another person or persons or to damage or compromise a facility/infrastructure or secured protected site.
5.A.2.2.6. Aviation Activity. Learning to operate, or operating an aircraft, or interfering with the operation of an aircraft in a manner that poses a threat of harm to people or property, to include UAS incursions, sightings, overflight, loitering or other activity in or over perimeter boundaries.
5.A.2.2.7. Elicitation. Questioning individuals or otherwise soliciting information at a level beyond mere curiosity about a public or private event or particular facets of a facility's or building's purpose, operations, security procedures, etc.
5.A.2.2.8. Testing/Probing of Security. Deliberate interactions with, or challenges to, installations, personnel, or systems that reveal physical, personnel, or cybersecurity capabilities.
5.A.2.2.9. Recruiting/Financing. Providing direct financial support to operations teams and contacts or building operations teams and contacts; compiling personnel data, banking data, or travel data in a manner that would arouse suspicion of terrorism or other criminality in a reasonable person.
5.A.2.2.10. Unauthorized/Suspicious Photography. Taking pictures or video of persons, facilities, buildings, or infrastructure in an unusual or surreptitious manner that would arouse suspicion of terrorism or other criminality in a reasonable person. Examples include taking pictures or video of infrequently used access points, the superstructure of a bridge, personnel performing security functions (e.g., patrols, badge/vehicle checking), security-related equipment (e.g., perimeter fencing, security cameras), etc.
5.A.2.2.11. Observation/Surveillance. Demonstrating unusual or prolonged interest in facilities, buildings, or infrastructure beyond mere casual (e.g., tourists) or professional (e.g., engineers) interest and in a manner that would arouse suspicion of terrorism or other criminality in a reasonable person. Examples include observation through binoculars, taking notes, attempting to mark off or measure distances, etc.
5.A.2.2.12. Materials Acquisition/Storage. Acquisition and/or storage of unusual quantities of materials such as cell phones, pagers, radio control toy servos or controllers; fuel, chemicals, or toxic materials; and timers or other triggering devices, in a manner that would arouse suspicion of terrorism or other criminality in a reasonable person.
5.A.2.2.13. Acquisition of Expertise. Attempts to obtain or conduct training or otherwise obtain knowledge or skills in security concepts, military weapons or tactics, or other unusual capabilities in a manner that would arouse suspicion of terrorism or other criminality.
5.A.2.2.14. Weapons Collection/Discovery. Collection or discovery of unusual amounts or types of weapons, including explosives, chemicals, and other destructive materials, or evidence, detonations or other residue, wounds, or chemical burns, that would arouse suspicion of terrorism or other criminality.
5.A.3. eGuardian. Marine Corps law enforcement agencies and activities shall use the eGuardian system for reporting, storing, and sharing unclassified SAR of incidents that may be indicative of potential threats or suspicious activity related to Marine Corps personnel, facilities, or forces in transit. eGuardian shall serve as the exclusive DoD law enforcement SAR system as mandated by reference (a). The eGuardian system shall be employed by:
5.A.3.1. Law Enforcement Officers (LEOs), analysts, and technical contractors assigned, attached, or detailed to law enforcement agencies.
5.A.3.2. Personnel designated as Antiterrorism Officers (ATOs) at the geographic combatant commands and military departments/services and installations that directly support operations and planning and indirectly support LE missions and agencies.
5.A.4. Operations Event/Incident Reports (OPREP-3). OPREP-3 utilize command post channels to immediately notify commanders of any significant event or incident. Reference (f) outlines the specific reporting requirements for OPREP-3. All suspicious incidents meeting OPREP-3 reporting requirements and reporting outlined in paragraph 5.A.2.2. shall also be entered into the MCSAIP and the C4IS.
5.A.5. Command, Control, Communications, Computers, and Information Suite. C4IS is the primary system used to share near real-time force protection event information to ensure commands maintain situational awareness of threats and hazards, and communicate threat related information to the widest possible audience.
6. Tasks.
6.A. Headquarters, U.S. Marine Corps, PP and O, Security Division:
6.A.1. Serve as the office of primary responsibility for MCSAIP and C4I.
6.A.2. Provide MCSAIP initial and sustainment training to Marine Corps commands as required.
6.A.3. Ensure compliance with this MARADMIN by designated commands.
6.A.4. Publish updated directives and Standard Operating Procedures (SOPs) as required.
6.A.5. Coordinate with Headquarters, Naval Criminal Investigative Service (NCIS) to support Marine Corps liaison(s) to the NCIS Multiple Threat Alert Center (MTAC).
6.B. COMMARFORS, MCICOM, MCSC and MCRC:
6.B.1. Ensure user accounts are established for MCSAIP NLT 30 days after the published date of this MARADMIN.
6.B.2. In accordance with reference (d) and this MARADMIN, organizations with 24-7 force protection responsibilities, such as provost marshal's offices, Marine Corps Police Departments, and operations centers, will continuously operate the MCSAIP and C4IS in order to immediately receive suspicious activity reports. Organizations without 24-7 force protection responsibilities will monitor C4IS during normal duty hours or when operations centers are activated.
6.B.3. Suspicious activity reports that meet the criteria in para 5.A.2.2. will be reported into MCSAIP NLT 6hrs of LE/AT personnel being notified of the event.
6.B.4. In accordance with reference (e), commanders at all levels are required to appoint personnel having force protection responsibilities as users of the near real-time threat information sharing tool.
7. Admin and Logistics.
7.A. Personally Identifiable Information (PII) is not allowed in the MCSAIP. For incidents involving a foreign national, PII of the individual(s) involved shall be forwarded to the USMC MTAC LNOs as soon as possible for further research. PII shall be submitted by e-mailing the information to: mtac_usmc_lnos@ncis.navy.mil.
7.B. The requirement to use the MCSAIP does not eliminate any other reporting requirements such as the DoD mandate to enter all SAR into the eGuardian system as outlined in reference (a), the requirement to report all near real-time threats into the C4IS as outlined in reference (e), or the requirement to submit operations event/incident reports as outlined in reference (f).
8. Coordinating Instructions.
8.A. Not all suspicious activity will result in an OPREP-3, but all suspicious activity shall be reported in the MCSAIP. Commanders will determine which suspicious activity incidents require an OPREP-3 in accordance with ref (f) and this MARADMIN.
8.B. OPREP-3 reporting timelines, to include voice reports, shall be met in accordance with ref (f).
8.C. C4IS reports shall be made as close as possible to the voice and OPREP-3 timelines in ref (f) to achieve near real-time reporting and appropriate situational awareness.
8.D. When making suspicious activity reports, the incident/subject name will begin with the SAR category mandated in para 5.A.2.2. and command, e.g. “Vehicle Breach-CLNC”, “UAS Incursion-MCRD San Diego”, etc.
8.E. To register for a MCSAIP account and gain access to the system, an email request must be sent to mtac_usmc_lnos@ncis.navy.mil and be approved by the HQMC AT Program Manager.
8.F. To register for a C4IS account and gain access to the system, go to the C4IS registration site located at the following address:
NIPR: https://c4isuite.atfp.cnic.navy.mil
SIPR: https://c4isuite.atfp.cnic.navy.smil.mil
Users will select their appropriate region or MARFOR.
9. Command and Signal.
9.A. Command. This MARADMIN is applicable to the Marine Corps total force.
9.B. Signal. This MARADMIN is effective on the date released and will be codified with the publication of MCO 3302.1F.
9.C. Release authorized by Mr. Randy R. Smith, Assistant Deputy Commandant, Plans, Policies and Operations, (Security) Division.//