The United States Department of Homeland Security, the main government agency responsible for responding to a significant cyber incident, released guidelines for reporting cyber incidents to the federal government.
A cyber incident is defined as an event that could jeopardize the confidentiality, integrity or availability of digital information. DHS recommends reporting incidents that could:
- result in a significant loss of data, system availability, or control of systems;
- impact a large number of victims;
- indicate unauthorized access to, or malicious software present on, critical information technology systems;
- affect critical infrastructure or core government functions; or
- impact national security, economic security, or public health and safety
Reports should be made to the local field office of federal law enforcement agencies, or to one of the following agencies
- National Cybersecurity and Communications Integration Center (NCCIC)
- National Cyber Investigative Joint Task Force
- United States Secret Service
- United States Immigration and Customs Enforcement / Homeland Security Investigations (ICE/HSI).