Report a cyber incident
The Australian Signals Directorate (ASD) provides government with a greater understanding of cyber threats, and the coordination of whole-of-government operational responses to cyber incidents. The Cyber Security Incident Reporting (CSIR) scheme assists ASD with this role.
The Australian Government Information Security Manual (ISM) states agencies must report cyber security incidents to ASD. Cyber security incident reports are the basis for identifying and responding to cyber security incidents across government.
Reporting cyber security incidents helps ASD to develop a threat environment picture for government systems, and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.
The types of cyber security incidents agencies should report to ASD include:
- suspicious or seemingly targeted emails with attachments or links
- any compromise or corruption of information
- unauthorised access or intrusion into an ICT system
- data spills
- theft or loss of electronic devices that have processed or stored Australian government information
- intentional or accidental introduction of viruses to a network
- denial of service attacks
- suspicious or unauthorised network activity.
To report a cyber incident:
- Government ICT professionals are encouraged to use the OnSecure website. Australian Government-sponsored customers who do not have one should apply for an OnSecure account.
- Alternatively, government ICT professionals may download a cyber security incident report form (PDF)
- If you download the cyber security incident report form, it must be handled and stored in accordance with its security classification once completed. This may require access to a classified fax or mail service.
- Other organisations should use the Australian Cyber Security Centre incident report form.
- Phone ASD, 1300 CYBER1 (1300 292 371).