The FBI's Use of 'Specific' and 'Credible' in Threat Warning
When the FBI and partners share our assessment of threats to an upcoming event, recipients at the local, state, and federal levels carefully examine our words to determine what, if any, action to take in response.
For years, we have used the phrase "no specific and credible threat" in event-focused products. We have come to realize that different recipients interpret this phrase differently, and precision and clarity are needed to capture the nuance and variability of a growing volume and variety of information we must consider in threat warning.
This guidance for use of the terms "specific" and "credible" in threat warning establishes a transparent, clear, and consistent framework that helps authors and reviewers use descriptive, detailed language that accurately characterizes the totality of information to describe a threat situation and establishes consistency in how specificity and credibility are defined and applied for a shared understanding by stakeholders.
Please take the time to familiarize yourself with the below information. We are confident this approach will help us all in our mission to identify threats and opportunities, inform decision-making, and avoid surprise.
Purpose
To establish a transparent and consistent framework for characterizing an imminent or potential threat that transitions us from:
- Overreliance on the vague terminology stating "no specific and credible reporting" to the use of more descriptive, detailed language that accurately characterizes the totality of information to describe the threat situation; and
- Inconsistency in how the terms specificity and credibility are used to set definitions for a shared understanding by stakeholders.
Establishing set definitions
What we mean when we say:
Specificity
The specificity of a threat is determined by evaluating whether it includes details such as who is involved, what the target is, when or where it may occur or manifest, or how it is going to occur.
Credibility
The credibility of a threat is based on an evaluation of the source and context of the reporting and the viability of the method(s) described.
Viability
Viability may be evaluated based on technical feasibility (i.e., practicable, workable) and whether it can be carried out as described.
Evaluating the viability of the threat requires a look at the source and any issues associated with the source to determine intent and capability, including technical feasibility and operational practicality. Evaluation may require technical experts to review reporting to determine the technical viability of any aspect of a threat or any complex or new technological system. A threat’s viability should not be discounted solely on the basis of being new or unprecedented.
Characterizing threat information
Explain what you are addressing.
Are you considering a specific threat or the overall threat environment (context)? Are you evaluating an individual source or information derived from multiple sources or types of sources (open source, human sources, technical sources, etc.)?
Characterize the information clearly.
Include a complete and thorough description of what is known and what is not known.
Provide a rigorous estimate of the threat environment by developing a list of indicators that are observable, valid, reliable, stable, and unique to help the FBI provide actionable warning.
Teams using indicators to inform their decision makers must regularly check for them and communicate changes to those in a position and in time to act.
Include a complete description of the overall threat environment to avoid creating a false sense of security.
Any form of communication (written product, briefing, or public communication) about threats to an event should include a statement about the overall threat environment and distinguish between information on individual plots and the overall threat to the event.