Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
36 views2 pages

Cyber Incident Reporting: A Unified Message For Reporting To The Federal Government

Cyber reporting requirements

Uploaded by

davidsevenson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
36 views2 pages

Cyber Incident Reporting: A Unified Message For Reporting To The Federal Government

Cyber reporting requirements

Uploaded by

davidsevenson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Cyber Incident Reporting

A Unified Message for Reporting to the Federal Government

Cyber incidents can have serious consequences. The theft of private, financial, or other sensitive data and cyber attacks that damage
computer systems are capable of causing lasting harm to anyone engaged in personal or commercial online transactions. Such risks
are increasingly faced by businesses, consumers, and all other users of the Internet.
A private sector entity that is a victim of a cyber incident can receive assistance from government agencies, which are prepared to
investigate the incident, mitigate its consequences, and help prevent future incidents. For example, federal law enforcement agencies
have highly trained investigators who specialize in responding to cyber incidents for the express purpose of disrupting threat actors
who caused the incident and preventing harm to other potential victims. In addition to law enforcement, other federal responders
provide technical assistance to protect assets, mitigate vulnerabilities, and offer on-scene response personnel to aid in incident
recovery. When supporting affected entities, the various agencies of the Federal Government work in tandem to leverage their
collective response expertise, apply their knowledge of cyber threats, preserve key evidence, and use their combined authorities and
capabilities both to minimize asset vulnerability and bring malicious actors to justice. This fact sheet explains when, what, and how to
report to the Federal Government in the event of a cyber incident.

When to Report to the Federal Government


A cyber incident is an event that could jeopardize the confidentiality, integrity, or availability of digital information or information
systems. Cyber incidents resulting in significant damage are of particular concern to the Federal Government. Accordingly, victims
are encouraged to report all cyber incidents that may:
• result in a significant loss of data, system availability, or control of systems;
• impact a large number of victims;
• indicate unauthorized access to, or malicious software present on, critical information technology systems;
• affect critical infrastructure or core government functions; or
• impact national security, economic security, or public health and safety.

What to Report
A cyber incident may be reported at various stages, even when complete information may not be available. Helpful information could
include who you are, who experienced the incident, what sort of incident occurred, how and when the incident was initially detected,
what response actions have already been taken, and who has been notified.

How to Report Cyber Incidents to the Federal Government


Private sector entities experiencing cyber incidents are encouraged to report a cyber incident to the local field offices of federal law
enforcement agencies, their sector specific agency, and any of the federal agencies listed in the table on page two. The federal agency
receiving the initial report will coordinate with other relevant federal stakeholders in responding to the incident. If the affected entity
is obligated by law or contract to report a cyber incident, the entity should comply with that obligation in addition to voluntarily
reporting the incident to an appropriate federal point of contact.

Types of Federal Incident Response


Upon receiving a report of a cyber incident, the Federal Government will promptly focus its efforts on two activities: Threat Response
and Asset Response. Threat response includes attributing, pursuing, and disrupting malicious cyber actors and malicious cyber
activity. It includes conducting criminal investigations and other actions to counter the malicious cyber activity. Asset response
includes protecting assets and mitigating vulnerabilities in the face of malicious cyber activity. It includes reducing the impact to
systems and/or data; strengthening, recovering and restoring services; identifying other entities at risk; and assessing potential risk to
the broader community.
Irrespective of the type of incident or its corresponding response, Federal agencies work together to help affected entities understand
the incident, link related incidents, and share information to rapidly resolve the situation in a manner that protects privacy and civil
liberties.

Key Federal Points of Contact


Threat Response Asset Response
Federal Bureau of Investigation (FBI) National Cybersecurity and Communications Integration
FBI Field Office Cyber Task Forces: Center (NCCIC)
http://www.fbi.gov/contact-us/field NCCIC: (888) 282-0870 or [email protected]
Internet Crime Complaint Center (IC3): United States Computer Emergency Readiness Team:
http://www.ic3.gov http://www.us-cert.gov
Report cybercrime, including computer intrusions or attacks, Report suspected or confirmed cyber incidents, including when
fraud, intellectual property theft, identity theft, theft of trade the affected entity may be interested in government assistance
secrets, criminal hacking, terrorist activity, espionage, in removing the adversary, restoring operations, and
sabotage, or other foreign intelligence activity to FBI Field recommending ways to further improve security.
Office Cyber Task Forces.
Report individual instances of cybercrime to the IC3, which
accepts Internet crime complaints from both victim and third
parties.

National Cyber Investigative Joint Task Force


NCIJTF CyWatch 24/7 Command Center: (855) 292-3937
or [email protected]
Report cyber intrusions and major cybercrimes that require
assessment for action, investigation, and engagement with
local field offices of federal law enforcement agencies or the
Federal Government.

United States Secret Service


Secret Service Field Offices and Electronic Crimes Task
Forces (ECTFs):
http://www.secretservice.gov/contact/field-offices
Report cybercrime, including computer intrusions or attacks,
transmission of malicious code, password trafficking, or theft of
payment card or other financial payment information

United States Immigration and Customs Enforcement /


Homeland Security Investigations (ICE/HSI)
HSI Tip Line: 866-DHS-2-ICE (866-347-2423) or
https://www.ice.gov/webform/hsi-tip-form
HSI Field Offices: https://www.ice.gov/contact/hsi
HSI Cyber Crimes Center: https://www.ice.gov/cyber-
crimes
Report cyber-enabled crime, including: digital theft of
intellectual property; illicit e-commerce (including hidden
marketplaces); Internet-facilitated proliferation of arms and
strategic technology; child pornography; and cyber-enabled
smuggling and money laundering.

If there is an immediate threat to public health or safety, the public should always call 911.

You might also like