The Computer Protection Program (CPPM) tracks all cyber incidents, advises on system cleanup, re-authorizes network use, performs forensics on affected systems, and, when necessary, provides information about incidents to law enforcement.
If you receive notice that your system has been infected by a virus, or if you have reason to suspect that your system has been successfully attacked in some other way, it is your responsibility to report it. Please see the Getting Started section for more information on what to do if you feel that you are aware of cyber incident.
If you think you have a cyber security incident or want to report something cyber security related, please contact firstname.lastname@example.org.
If you believe a Berkeley Lab computer has been compromised and you have not yet been able to contact the appropriate technical support, please report it to email@example.com.
It is important to report attacks right away, as a security engineer can often uncover information that will help prevent future attacks. However, killing processes, rebooting, etc., can destroy those clues. Even if the incident seems insignificant, it could be an important clue to a more widespread attack. Do not turn off your computer. Instead, quit using the machine, quarantine it immediately (leave it on but put a sign on the monitor to warn against further use), and report it.
The Cyber Security homepage can be found here.