A new two-page document entitled “Law Enforcement Cyber Incident Reporting: A Unified Message for State, Local, Tribal and Territorial (SLTT) Law Enforcement” has been posted on the Secret Service’s website, and succinctly addresses the important issue of how these SLTT law enforcement agencies should report cyber incidents to the federal government, a key challenge given the multiplicity of actors at the federal level.
What is notable about the document is that it reflects the consensus opinion of these federal law enforcement agencies (the seals of DHS, DOJ, the FBI, ICE and the Secret Service are included on the document) as well as many of the major organizations representing SLTT law enforcement (IACP, Major City Chiefs, National Sheriffs’ Association, IALEIA). This “Unified Message” document is similar to a 2012 Unified Message on Suspicious Activity Reporting that was supported by many of the same agencies and organizations. The seal of the Program Manager for the Information Sharing Environment is also included on both documents, consistent with their well-established role in convening federal and SLTT entities to address issues such as this.
The document describes when SLTT agencies should report cyber incidents to the federal level, what they should report, and how they should report it. A chart on the second page identifies “key contacts for cyber incident reporting,” helping to clarify lanes in the road between FBI, ICE, Secret Service and DHS/NPPD on what should be reported to whom. A final section recommends additional resources for SLTT law enforcement personnel.
You can review the full document at this link.