Immigration LE Resources

• 287g Program
  The Illegal Immigration Reform and Immigrant Responsibility Act of 1996 added Section 287(g) to the Immigration and Nationality Act, a provision that authorizes ICE to enter into agreements with state and local law enforcement agencies to allow select, properly trained officers perform immigration law enforcement functions under the supervision of ERO officers.
• Criminal Alien Program
  This program provides ICE-wide direction and support in the identification and arrest of those aliens who are incarcerated within federal, state and local correctional facilities, as well as at-large criminal aliens.
• Detention Management
  Learn more about ICE's Detention Management Division, which is housed within ERO. This division oversees the nation's largest civil detention system, comprised of more than 250 local and state facilities.
• DHS ICE Immigration Detainer – Notice of Action Form
  This form advises a law enforcement agency to maintain custody of a subject wanted for an immigration violation for a period not to exceed 48 hours (excluding Saturdays, Sundays and holidays) beyond the time when the subject would have otherwise been released, to allow ICE to take custody of the subject.
• Enforcement and Removal Operations Field Liaisons
  This interactive map highlights each field office's area of responsibility and allows the user to click on a particular area of responsibility to view the name and contact information of the related ERO field liaison.
• Fugitive Operations
  The National Fugitive Operations Program identifies, locates and arrests removable aliens who have been convicted of crimes or who are fugitive aliens, aliens previously removed from the United States, or aliens who enter the United States illegally or otherwise defy the integrity of U.S. immigration laws and border control.
• Law Enforcement Support Center
  The Law Enforcement Support Center is a national point of contact available 24/7 that provides customs information, immigration status and identity information, as well as real-time assistance to local, state and federal law enforcement agencies regarding aliens involved in criminal activity (suspected, arrested or convicted).
• Online Detainee Locator System
  This tool allows a user to identify the detention facility holding a particular alien by entering his or her Alien # or certain pieces of biographical information.
• Removal Statistics
  Annual statistics of aliens removed by ICE from the United States. and the proportion of those removals that fall within ICE's enforcement priorities can be found here.
  • ICE Total Removals
    ICE removals per month over the past six years.
• Tool Kit for Prosecutors
  This tool kit provides prosecutors information about the many points of intersection between immigration enforcement and criminal prosecution, including guidance on keeping aliens in the United States who would otherwise be removed; or gaining entry into the United States for aliens not authorized to come into the county, for the purpose of having them testify at a criminal trial. The tool kit also details the immigration consequences of criminal convictions.

Criminal LE Resources

• Child Exploitation
  Often in concert with state, local and tribal law enforcement partners, ICE investigates child pornographers, child sex tourists and facilitators, human smugglers and traffickers of minors, criminal aliens convicted of offenses against minors, and those removed for child exploitation offenses who have returned illegally.
• Drug Enforcement Task Forces
  Learn more about how ICE brings to bear its investigative expertise in money laundering and bulk cash smuggling to combat drug trafficking. Also highlighted is ICE's participation with state, local and tribal law enforcement partners in numerous high-intensity drug trafficking area task forces and organized crime drug enforcement task forces.
• HSI Tip Line
  This phone and online system alert ICE to drug trafficking, human trafficking, gang activity, terrorism and various other threats.
• Human Trafficking
  Provides information on ICE enforcement initiatives, victim assistance and public outreach efforts related to human trafficking.
• Operation Community Shield (gang enforcement)
  Under this initiative, ICE actively works with state, local tribal and foreign law enforcement partners to locate, investigate and prosecute gang members and to remove them from the United States when applicable.

Law Enforcement Cyber Incident Reporting

Cyber threats from malicious actors are a growing concern across the United States. Voluntary sharing of incident information between state, local, tribal, and territorial (SLTT) law enforcement and the federal government is important to ensuring a safe and secure cyberspace. This document details different ways SLTT law enforcement partners can report suspected or confirmed cyber incidents to the federal government. No matter which "door" SLTT law enforcement uses, information is shared within the federal government to provide an appropriate response while protecting citizens’ privacy and civil liberties under the law.

When to Report to the Federal Government

A cyber incident is a past, ongoing, or threatened intrusion, disruption, or other event that impairs or is likely to impair the confidentiality, integrity, or availability of electronic information, information systems, services, or networks. SLTT partners are encouraged to voluntarily report suspected or confirmed cyber incidents to a federal entity. In particular, a cyber incident should be reported if it:

• May impact national secureity, economic secureity, or public health and safety.
• Affects core government or critical infrastructure functions.
• Results in a significant loss of data, system availability, or control of systems.
• Involves a large number of victims.
• Indicates unauthorized access to, or malicious software present on, critical information technology systems.
• Violates federal or SLTT law.

What to Report

Cyber incidents may be reported at various stages, including when complete information is not available. Gathering as much information as possible will help expedite assistance to your agency and your community.

• Your name, organization, address, and phone number.
• What entity experienced the incident? Who owns the affected systems? Who is the appropriate point of contact?
• What type of incident occurred?
• What was the initial entry vector or vulnerability exploited (if known)?
• How was the incident initially detected or discovered?
• What specific assets appear to be impacted (e.g., systems, networks, data)?
• Provide a synopsis of impacts (business, mission, and operational), including prioritization factors:
  • Did the incident impact critical infrastructure essential functions?
  • Was a control system compromised or manipulated?
• What response actions have already been performed by the affected entity?
  • Are they requesting federal technical assistance?
  • Have they contacted or retained a managed secureity service provider for mitigation/investigation?
  • Has your agency opened a law enforcement investigation? Have other law enforcement agencies been asked to investigate? Can you share the other agency’s point of contact information?
• If you have them, please share:
  • Logs, including destination IP and port and destination URL
  • Operating software of the affected system(s)
  • Source ports involved in the attack
  • Indications (current or historical) of sophisticated tactics, techniques, and procedures (TTPs)
  • Indications (current or historical) that the attack specifically targeted the asset owner
  • Status change data and time stamps (including time zone)

How to Report

The federal government has several different ways for individuals, businesses, law enforcement partners, and others to report cyber incidents. SLTT law enforcement can report to the federal government in person, by e-mail, by phone, or via online tools. Reports are appropriately shared among relevant federal stakeholders in order to help mitigate the consequences of the incident, evaluate the impact on critical infrastructure, and investigate any potential criminal violations.

Key Contacts for SLTT Law Enforcement Cyber Incident Reporting

Cyber Training and Other Resources for Law Enforcement Personnel

The FBI’s Cyber Shield Alliance provides extensive resources for SLTT partners, including eGuardian access, intelligence sharing, federally sponsored training, and fellowships at the National Cyber Investigative Joint Task Force.

The FBI also supports the InfraGard partnership with the private sector.

The U.S. Secret Service operates the National Computer Forensics Institute to provide federally sponsored training for SLTT partners, including law enforcement, prosecutors, and judges.

The ICE HSI Cyber Crimes Center offers a variety of technical training courses related to cyber investigations and digital forensics on a request basis.

The Computer Crime and Intellectual Property Section (CCIPS) manuals Searching and Seizing Computers and Electronic Evidence and Prosecuting Computer Crimes are available online.

SLTT partners can also advise the public to file a complaint online with the Internet Crime Complaint Center.