Incident Reporting

Incidents which must be reported

  • All employees and users are required to immediately report any suspicious incidents involving the security of Fermilab computers or networks, including apparent attempts at unauthorized access.
  • Incidents which must be reported include computer- or network-related activity, internal or external to Fermilab, that may impact Fermilab’s mission through, for example, the possibility of: loss of data; denial of services; compromise of computer security; unauthorized access to data that Fermilab is required to control by law, regulation, or DOE orders; investigative activity by legal, law enforcement, bureaucratic, or political authorities, or a public relations embarrassment.

Where to report

  • Incidents at any hour should be reported to the FNAL Service Desk at 630-840-2345, or to the system manager if immediately available.
  • System managers are expected to report incidents immediately that do not have a simple explanation based on normal routine operation of the system.
  • If there clearly is no urgency, incidents may be reported by email to

Investigation and Information Disclosure

  • The Fermilab Incident Response Team will investigate all reported incidents. The Incident Response Team may assume full administrative control of affected systems until the incident is resolved, and may call on other technical experts for priority assistance.
  • Employees and users must not disclose information resulting from a computer security incident without authorization. The Incident Response Team, in consultation with the CSBoard and the Public Information Office, will determine specific information to be disclosed to employees, users, other organizations, and the public.