Return to Y-Directorate's Home Page.

Cybersecurity Incident Reporting Guidance

What to Report?

Any cybersecurity incident should be reported. A cybersecurity incident is the violation of an explicit or implied security policy. Types of activity that are commonly considered as being in violation of a typical security policy include but are not limited to:

• Attempts (either failed or successful) to gain unauthorized access to a system or its data, including PII related incidents
• Unwanted disruption or denial of service
• Unauthorized use of a system for processing or storing data
• Unauthorized destruction or modification of data
• Unauthorized changes to system hardware, firmware, or software characteristics
• Phishing attempts to solicit personal information or execute malicious software from unsuspecting users by employing social engineering techniques
• Malware incidents designed to damage or perform other unwanted actions on a computer system

Who Should You Report To?

Personal Accounts, Systems, and Data
Cybersecurity incidents that only involve personally owned or managed IT assets should be reported to appropriate telecommunications providers (i.e. your internet service provider) or account providers (such as Google, Microsoft, Yahoo, etc…). Incidents of a criminal nature should be reported to your local or state law enforcement agency’s cybercrime organizations. Additionally, they may be reported to the US-CERT or to the FBI Internet Crime Complaint Center.

Coast Guard Auxiliary Accounts, Systems, and Data
Cybersecurity incidents that involve CGAUX National IT Systems and Accounts shall be reported to the Cybersecurity Directorate using the Cybersecurity Incident Reporting System link below on this page. The Cybersecurity Directorate will coordinate the response with any necessary partner organizations. Those incidents or suspected incidents should be reported immediately upon discovery (do not delay to investigate yourself). Incidents where there is a possible compromise of Auxiliary personally identifiable information or operational information should also be reported to the CI Division immediately. Incidents that do not involve National Auxiliary IT systems data or accounts, but do involve other forms of CGAUX data may also be reported.

U.S. Coast Guard Accounts, Systems, and Data
Cybersecurity incidents that involve USCG accounts, systems or data must be reported to Coast Guard Cyber Command immediately using appropriate channels. The Cybersecurity Directorate be reached to assist with notifications, if necessary.

---

The CGAUX Cybersecurity Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to the Cybersecurity Directorate. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form. Please provide as much information as you can to answer the following questions to allow us to understand your incident.