Report a cyber incident
The Defence Signals Directorate (DSD) provides government with a greater understanding of cyber threats, and the coordination of whole-of-government operational responses to cyber incidents. The Cyber Security Incident Reporting (CSIR) scheme assists DSD with this role.
The Information Security Manual (ISM) states agencies must report cyber security incidents to DSD. Cyber security incident reports are the basis for identifying and responding to cyber security incidents across government.
Reporting cyber security incidents helps DSD to develop a threat environment picture for government systems, and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.
The types of cyber security incidents agencies should report to DSD include:
- suspicious or seemingly targeted emails with attachments or links
- any compromise or corruption of information
- unauthorised access or intrusion into an ICT system
- data spills
- theft or loss of electronic devices that have processed or stored Australian government information
- intentional or accidental introduction of viruses to a network
- denial of service attacks
- suspicious or unauthorised network activity.
- download a cyber security incident report form (PDF).
- If you download the cyber security incident report form, it must be handled and stored in accordance with its security classification once completed. This may require access to a classified fax or mail service.
- call DSD, 1300 CYBER1 (1300 292 371)