1.7 Establishing an incident- and tip-reporting system

Several methods have been established for businesses, individuals, and government agencies to report incidents or suspicious behavior to DHS. An incident relating to computer systems is the act of violating an explicit or implied security policy. These activities include, but are not limited to:

• Attempts (either failed or successful) to gain unauthorized access to a system or its data

• Unwanted disruption or denial of service

• The unauthorized use of a system for the processing or storage of data

• Changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent

The Federal Computer Incident Response Center (FedCIRC) has developed both a short incident-reporting form and a long incident-reporting form to assist agencies in reporting incidents. The short form allows a reporting agency to quickly report an incident when detailed information regarding the incident is not available. The long form can be used by a reporting agency when more information has been gathered about the incident, and the reporter is able to provide a more detailed report.

The choice to either use the short or long form is at the discretion of the reporting agency. All submissions using either form will be considered a new incident; therefore, the form cannot be used to provide additional information for an incident that has previously been reported. If agencies want to provide additional information regarding an existing report, they need to call a hotline at 1-888-282-0870 and provide the watch analyst with the incident report number that was assigned to the report. DHS can then update the incident report record and provide further assistance if required.

Organizations that are not a component of the federal government or reporting an incident that affects a federal agency or department are directed to file incident reports with the National Infrastructure Protection Center (NIPC) and the Computer Emergency Response Team Coordination Center (CERT/CC). The Web sites are www.nipc.gov/incident/ cirr.htm and https://irf.cc.cert.org, respectively. Private individuals are directed to fill out the NIPC incident form.

The FBI has also established a tip-reporting system. While the FBI continues to encourage the public to submit information regarding the September 11, 2001, terrorist attacks, the tip-reporting form can also be used to report any suspected criminal activity to the FBI. The form is located at https://tips.fbi.gov.

The Department of the Treasury has also established a system by which citizens can report activities related to the financing of terrorism. A toll-free telephone number has been set up at 1-866-867-8300. This campaign is designed to collect information on funding mechanisms that support terrorist activities, including underground financial systems, illicit charities, and corrupt financial service providers, and even crimes such as check fraud, identity fraud, and credit card fraud that may be used to support terrorists. The Department of the Treasury and of the DOS are seeking to raise public understanding of just how terrorist financing occurs. Figure 1.2 shows the brochure used to support the rewards program, and Figure 1.3 shows one of the posters used in the campaign to promote the program.