An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Jan. 9, 2020

Managing the threat: TMU standing by to assist

By Ally Rogers, DIA Public Affairs

The Threat Management Unit is one of the many programs the Defense Intelligence Agency’s Police manages. The TMU’s mission includes identifying and preventing acts of violence and criminality that could compromise the safety and security of Agency personnel, property and information.

“While we can’t predict who will commit an act of violence against the Agency or DIA employees, we can help deter action based on indicators of potential escalation,” said Lt. Dustin Lang, TMU commander. “We can also ensure others know what to look for and what information to pass along to TMU members so that we can help.”

The TMU offers threat mitigation strategies and risk-reduction plans to DIA and its partners. The scope of the TMU is to evaluate threats, indicators of self-harm or harm to others, as well as the team analyzes suspicious phone calls, emails, social media messages and mail items that arrive at DIA facilities or are received by the workforce.   

Lang explained that items are often discarded or disregarded by receiving offices. However, the TMU’s guidance is to pass questionable materials to the police.

“If anyone gets an email or physical item (that seems suspicious), we want to see it,” he said. “We want to make sure that nothing slips through the cracks and that we have all the necessary information and time to take appropriate action.”

What are suspicious items that TMU would want to see?

According to the “Contemporary Threat Management: A Practical Guide for Identifying, Assessing, and Managing Individuals of Violent Intent,” the list includes direct or conditional threats, delusional or paranoid correspondence, obsessive or overly emphatic messages, or anything that is disjointed, bizarre or unreasonable.

If a DIA employee is uncertain whether something they’ve received – digitally or physically – is suspicious, the nationwide suspicious activity reporting document has details to help determine if it should be reported.

The TMU is also responsible for conducting criminal background screenings of contract employees affiliated with Agency renovations and construction projects.

“This process helps to ensure only the most trusted people will be working in or around DIA facilities,” said DIA Deputy Chief of Police John Richter. “The TMU (also) serves as a DIA liaison between local, state and federal law enforcement authorities. The information shared among these professionals, provide officers with the latest threats that they may encounter, while protecting the Agency. These threats could range from an individual with a warrant to the latest in weapons concealment and media storage technology.”

Members of DIA’s TMU must successfully complete the Federal Law Enforcement Training Center’s Uniformed Police Training Program and Intelligence Analysis Training Program, as well as non-FLETC courses in protective intelligence and criminal analysis. Members also attend threat briefings and case studies, or after action reports, conducted by local, state and other federal law enforcement entities.

“Typically, the AARs follow larger, high profile events, like mass shootings or other events involving acts of mass violence,” said Lang. “It’s important that we attend these sessions to learn and hear from the scene commander, special operators, case agents, victims and survivors. There’s a lot of experience and knowledge to be shared at those AARs.”

The TMU has had numerous successful cases since its inception in 2012. Lang explained one incident: “There was a program office that received a threatening email. The message read, ‘I’m across the street from an embassy. Death to all intelligence officers.’ And there were attached photos, mostly of a silhouette target with tight, shot groups, but also a few of the embassy that appeared to have been taken from the roof of a neighboring building.”

Once the officer notified the TMU, the team worked with the Chief Information Office to conduct a detailed analysis of available databases to track down the email sender’s IP address and used the metadata to determine the sender’s identity. Geolocation data from the photos were used to determine where they were taken, confirming the sender’s assertions that they were in close proximity to an embassy.

It was determined that the sender was in another country. The investigating officer contacted TMU-partners at Interpol. Due to the TMU’s efforts, and with the assistance of Interpol agents, the suspect was apprehended within 24 hours. As this became an international investigation of a U.S. citizen, who committed a crime in another country, the TMU referred the investigation and follow-up adjudicative processes to the Department of State. Lang reported that the sender has not contacted DIA in any form since the arrest.

“We are here to keep our people and property safe, but we need DIA’s help,” said Lang. “The more we know, the more we’re able to prevent and deter threats to DIA and its employees.”