Report a cyber incident
ASD's Australian Cyber Security Centre (ACSC) is responsible for monitoring and responding to sophisticated cyber threats targeting Australian interests. The ACSC’s Cyber Security Incident Reporting (CSIR) scheme assists with this role.
Reporting cyber security incidents to the ACSC ensures that the ACSC can provide timely assistance tailored to specific incidents. This may be in the form of investigations, analysis and/or remediation advice.
When should I report a cyber security incident?
A cyber security incident is a single or series of unwanted or unexpected events that have a significant probability of compromising an organisation’s business operations. Cyber security incidents can impact the confidentiality, integrity or availability of a system and the information that it stores, processes or communicates.
The types of cyber security incidents agencies should report to the ACSC include:
- suspicious system and network activities
- compromise of sensitive information
- unauthorised access or attempts to access a system
- emails with suspicious attachments or links
- denial of service attacks
- suspected tampering of electronic devices.
The following are examples of suspicious system and network activities:
- domain administrator accounts being locked out due to failed authentication attempts
- unusual authentication events on remote access systems such as users being logged in from local workstations and a VPN simultaneously or a number of log-in attempts from geographically disparate or overseas locations within a short timeframe
- service accounts communicating with internet-based infrastructure.
How do I report a cyber security incident?
Cyber security incidents should be reported to the ACSC via an organisation’s Information Technology Security Adviser (ITSA) or equivalent information security manager.
Organisations are encouraged to submit incident reports via the ACSC incident report form or phone 1300 CYBER1 (1300 292 371).
Once an incident report is submitted to the ACSC, it is recorded and triaged. At this time the priority and extent of assistance that is necessary to respond to the cyber security incident is determined.