The U.S. Department of Homeland Security has issued a message on Federal Government cyber incident reporting. The document explains the importance of contacting the correct government agencies and the benefit to organizations and consumers of reporting cyber incidents promptly.
The DHS explains that two types of assistance are offered to private sector organizations: Asset Response and Threat Response. Asset response is provided by the Department of Homeland Security’s National Cybersecurity and Communications Center (NCCIC). The NCCIC is able to provide assistance with securing assets, mitigating vulnerabilities, and sharing threat intelligence with private and public sector organizations that may be at risk. Assistance can also be provided in removing an adversary and the NCCIC will also assist by recommending further technologies and security controls that can prevent future incidents.
Four government agencies offer assistance with threat response. Threat response is concerned with pursuing the actors responsible for the attack and bringing them to justice, or at least disrupting their attacks to limit the damage caused.
DHC explains in its cyber incident reporting message that cyber incidents are events that could potentially jeopardize the “confidentiality, integrity, or availability of digital information or information systems.” It is especially important to report events that have potential to cause “significant damage”, such as the loss of control of systems, the theft of a significant amount of data, incidents that have an impact on large numbers of individuals, or those that indicate unauthorized access has been gained to critical technology systems.
Cyber incident reporting can take place at any time, even if the organization does not have detailed information on the nature of the attack. DHC recommends first contacting local field offices of federal agencies as well as sector specific agencies.
A summary of the types of incident that should be reported to the Federal Bureau of Investigation (FBI), National Cyber Investigative Joint Task Force (NCIJTF), United States Secret Service (USSS), United States Immigration and Customs Enforcement / Homeland Security Investigations (ICE/HSI), National Cybersecurity and Communications Integration Center (NCCIC) are explained in the document – Which can be viewed on this link: