An incident is an adverse event to information technology (such as a system, network, or services) that results in damage, loss (of money, access, services, or data integrity or confidentiality), or other negative impacts on the organization. Cybersecurity incidents typically involve an internal or external actor using technology to negatively impact an organization.
Port scans and other probes, emails that appear to be scams or phishing, or other common events are not incidents unless they cause negative impacts.
Common types of incidents include when an organization experiences:
Effective July 1, 2022, Virginia Code § 2.2-5514 requires all state and local public bodies to report all
(i) known incidents that
- threaten the security of the Commonwealth's data or communications or
- result in exposure of data protected by federal or state laws
and
(ii) other incidents compromising the security of the public body's information technology systems with the potential to cause major disruption to normal activities of the public body or other public bodies.
If you have a question about whether an incident meets the above criteria, it is better to err on the side of reporting it.
Under Virginia Code § 2.2-5514, incidents must be reported to the Virginia Fusion Intelligence Center within 24 hours from when the incident was discovered.
Incidents can be reported through the Cyber Incident Form on this website or by calling the Virginia Fusion Center at 804-674-2196 or 877-4VA-TIPS.
Yes. Reports submitted by phone or through the incident reporting form go to the Virginia Fusion Center. Fusion Center information is confidential. See Va. Code § 52-48.
Yes. ALL cybersecurity incidents meeting the criteria of the Virginia Code § 2.2-5514 (effective July 1, 2022) requires all state and local public bodies to report allabove law must be reported, even if no assistance is required or if the incident has already been resolved.
All cybersecurity incidents meeting the criteria of the Virginia Code § 2.2-5514 (effective July 1, 2022) must be reported, even if the 24-hour reporting deadline has passed.
If you select the YES button to request assistance on the form, state cybersecurity personnel will contact you. If you select NO and do not request assistance, state cybersecurity personnel will follow up with you only if additional details are needed.
The following are clues that an information security incident may be in progress, or one may have already occurred. These indicators can have legitimate explanations and be part of day-to-day operations. The key in determining whether a suspected event is a legitimate event or is actually an incident is recognizing when things happen without explanation or in ways that are contrary to your policies and procedures.