Which reporting form do I need?

Report a cyber incident.

Did you have a cyber security breach? Use this form to notify the Commonwealth. Visit FAQs for more related questions and answers on the use of this form.

Report a terrorism-related suspicious activity.

Do you know the signs of a terrorism-related or suspicious activity? Visit What is Suspicious Activity? resources available on the Virginia Fusion Center website.

Legislative Directive

"Every public body shall report all (i) known incidents that threaten the security of the Commonwealth's data or communications or result in exposure of data protected by federal or state laws and (ii) other incidents compromising the security of the public body's information technology systems with the potential to cause major disruption to normal activities of the public body or other public bodies. Such reports shall be made to the Virginia Fusion Intelligence Center within 24 hours from when the incident was discovered. The Virginia Fusion Intelligence Center shall share such reports with the Chief Information Officer, as described in Code of Virginia ยง 2.2-2005, or his designee at the Virginia Information Technologies Agency, promptly upon receipt."

What qualifies as a cybersecurity incident?

An incident should be reported if the following conditions are met and it resulted in: 

ONE

An adverse event to an information system, network, and/or workstation OR

TWO

The exposure, or an increased risk of exposure, of Commonwealth data OR

THREE

A threat of the occurrence of such an event or exposure.

Please note: An adverse event does not include situations such as unintentional visits to Web sites prohibited by Commonwealth/agency policy or law, or excessive use of a provided resource. These types of situations should be handled internally as personnel issues.

Guidance on Reporting Information Security Incidents

We are here to provide information that may be helpful in cybersecurity incident reporting. Cybersecurity incidents will happen and the ability to quickly identify and act in a coordinated manner can lessen the impact of an information security incident. The incident reporting form is an important first step in handling information security incidents in a coordinated response.

Information security incident refers to an adverse event in an information system, network, and/or workstation, or the threat of the occurrence of such an event. 

An event is any observable occurrence in a system, network, and/or workstation. Although natural disasters and other non-security related disasters (power outages) are also called events, these reporting requirements are for IS security related events only. Events can many times indicate an information security incident is happening.

For more information visit the FAQs section.