Report an Incident

The MS-ISAC® and EI-ISAC® are happy to assist U.S. State, Local, Tribal, and Territorial (SLTT) entities with cybersecurity incident response. Even if your SLTT organization is not an MS-ISAC or EI-ISAC member, we encourage you to contact us if you experience:

  • Changes to system hardware, firmware, or software without the owner's knowledge, instruction, or consent
  • Compromised passwords
  • Malware, including viruses, trojans, worms, or botnet activity
  • Defacement of a government website
  • Unauthorized access to information
  • Disruption or attempted denial of service (DoS)
  • Unauthorized use of system data or privileges

"Thank you for providing this invaluable service!"

- MS-ISAC Member

"My interaction with the engineering team on deploying the Albert was nothing but 1st class service.  I have complete confidence that the Albert is being monitored very well.” 

- EI-ISAC Member

Direct Assistance From Our CIRT

Our expertly trained Computer Incident Response Team (CIRT) is here to help. If your SLTT organization experiences a cybersecurity incident, our CIRT can provide the following free response services:

  • Emergency conference calls
  • Forensic analysis
  • Log analysis
  • Mitigation recommendations
  • Reverse engineering
  • Verbal report 24 hours following the incident
  • Written report one week following the close of the incident

"I will continue to leverage this expert and valuable service as long as it exists. The MS-ISAC CIRT was once again very efficient and provided a robust root cause analysis in a timely fashion."

- MS-ISAC Member


The Security Operations Center (SOC) is available 24/7 to assist via phone or email:

Arrow 866-787-4722

Arrow [email protected]