Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government

Cyber Incident Reporting:  A Unified Message for Reporting to the Federal Government

Presidential Policy Directive (PPD)/PPD-41, United States Cyber Incident Coordination, outlines the roles federal agencies play during a significant cyber incident. The Department of Homeland Security (DHS) is unique among agencies in that it plays a major role in both asset response and threat response. Asset response focuses on the assets of the victim or potential targets of malicious activity, while threat response includes identifying, pursuing, and disrupting malicious cyber actors and activity.

DHS is the lead agency for asset response during a significant cyber incident. The Department’s National Cybersecurity and Communications Integration Center (NCCIC) assists asset owners in mitigating vulnerabilities, identifies other entities that may be at risk, and shares information across the public and private sectors to protect against similar incidents in the future.  The Department of Justice, through the FBI and the NCIJTF, is the lead agency for threat response during a significant incident, with DHS’s investigative agencies—the Secret Service and ICE/HSI - playing a crucial role in criminal investigations.

This fact sheet, Cyber Incident Reporting:  A Unified Message for Reporting to the Federal Government, explains when, what, and how to report a cyber incident to the federal government.