{"id":3828,"date":"2021-06-25T09:15:01","date_gmt":"2021-06-25T16:15:01","guid":{"rendered":"https:\/\/salesforcedevops.net\/?p=3828"},"modified":"2021-06-25T09:15:09","modified_gmt":"2021-06-25T16:15:09","slug":"how-to-report-a-cybersecurity-incident-in-june-2021","status":"publish","type":"post","link":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/06\/25\/how-to-report-a-cybersecurity-incident-in-june-2021\/","title":{"rendered":"How To Report A Cybersecurity Incident in 2021"},"content":{"rendered":"\n

With the headlines about Solar Winds<\/a> and Colonial Pipeline<\/a> many IT organizations have taken precautions against a cybersecurity incident. But what happens when those precautions fail and a ransomware demand comes up on your computer? When implementing a cyberattack remediation plan should there be a step for reporting incidents to the US government?<\/p>\n\n\n\n

According to recent outreach by the White House<\/a>, the US Government wants the industry’s help in understanding and countering the cyberwar threat. In this post I help to navigate the federal agencies who cover cybersecurity, tell you who to contact, and then describe what happens when things get really bad.<\/p>\n\n\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\tTable Of Contents\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
  1. Who Do You Call?<\/a>
  2. What Happens Next?<\/a>
  3. Better Federal Cybersecurity Incident Guidance is Needed<\/a>
  4. Industry Action Is Needed<\/a>
  5. Salesforce Architects Must Act on Security Concerns<\/a><\/ol>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\n\n\n

    Who Do You Call?<\/h2>\n\n\n\n

    I sorted through the myriad of agencies and capabilities in the Biden Administration to give simplified guidelines on reporting a cybercrime. Here are the top two US government agencies who need to know when you are the victim of a cybercrime.<\/p>\n\n\n\n

    1. Cybersecurity & Infrastructure Security Agency (CISA) Incident Report Form<\/a> (https:\/\/us-cert.cisa.gov\/forms\/report<\/a>)

      The recent       Biden Administration Executive Order<\/a> makes it clear that CISA is now the lead agency for basic reporting of cybersecurity incidents. The CISA website<\/a> is also an educational gateway to other Federal agencies involved in security standards, such as the National Institute of Standandards and Technology (NIST)<\/a>.

      Even if you remediate an incident, it should still be reported to CISA so the agency may accurately measure the national scope of the problem.

      <\/li>
    2. Federal Bureau of Investigation (FBI) Field Offices<\/a> (https:\/\/www.fbi.gov\/contact-us\/field-offices<\/a>)

      Contact the FBI Cyber Task Force<\/strong> via a local FBI field office to report cybercrime. This includes computer intrusions or attacks, digital extortion, fraud, intellectual property theft, identity theft, theft of trade, secrets, criminal hacking, terrorist activity, espionage, sabotage, or other foreign intelligence activity.<\/li><\/ol>\n\n\n\n

      What Happens Next?<\/h2>\n\n\n\n

      Let us say your cybersecurity incident is going unbelievably bad very quickly, and you are thinking about paying a ransom or operational technology has become compromised. Who do you call then?<\/p>\n\n\n\n

      The answer is to stick with the local FBI field office as the primary contact into the federal system.<\/p>\n\n\n\n

      The United States Department of Justice (DOJ), which includes the FBI, reorganized cybersecurity in April 2021 and created the Ransomware and Digital Extortion Task Force<\/strong>. This is the group that was responsible for clawing back $2.3 million<\/a> of the ransom paid by Colonial Pipeline by tracking Bitcoin payments to a digital wallet managed by a Northern California technology company.<\/p>\n\n\n\n

      To contact the Ransomware and Digital Extortion Task Force follow step #2 above, start working with a local FBI agent, and then look to the FBI for further escalation of your concerns.<\/p>\n\n\n\n

      Better Federal Cybersecurity Incident Guidance is Needed<\/h2>\n\n\n\n

      The new DOJ task force is emblematic of how troublesome it is to deal with the US federal government. That is, they created a new agency to deal with the fact there are too many agencies in the US government. And the myriad of agencies and responsibilities is part of what makes cybersecurity seem magical and imponderable to students and practitioners alike.<\/p>\n\n\n\n

      While researching this article I found many other US Government agencies with contacts for cybersecurity incidents. Check out this undated Department of Homeland Security bulletin<\/a>, which purports to be \u201dA Unified Message for Reporting to the Federal Government\u201d, but it doesn\u2019t even mention CISA.<\/p>\n\n\n\n

      To make it simple, I synthesized recent events, the Biden cybersecurity EO, and public statements by the DOJ to give you a simplified two-step escalation procedure. However, depending on your situation you may still need to contact a another agency. Here are some of the other contact points I found:<\/p>\n\n\n\n