Computer Security Incidents

What is a Computer Security Incident?

A computer security incident can range from a simple virus to the disclosure of sensitive information. Incidents can be minor, important, or significant. Incidents that must be reported include computer- or network-related activity, internal or external to the Laboratory, that may impact the Laboratory’s mission.

Examples of such activities include the possibility of: loss of data; denial of services; compromise of computer security; unauthorized access to data that the Laboratory is required to control by law, regulation, or DOE orders; investigative activity by legal, law enforcement, bureaucratic, or political authorities; or a public relations embarrassment.

Reporting Process

Incidents should be reported to the Cyber Security Incident Response Team (CSIRT) at 631-344-8484, or to the System Manager if immediately available. System managers are expected to immediately report incidents that do not have a simple explanation based on normal routine operation of the system.

If there is clearly no urgency, incidents may be reported by email to:

Investigation Process

CSIRT will investigate all reported incidents. The Head of CSIRT may assume full administrative control of affected systems until the incident is resolved, and may call on other technical experts for priority assistance.