What is a Cybersecurity Incident?

The Fermilab Incident Response Team (FIR) is always available to address any cybersecurity incidents that occur at the lab. We work all hours to ensure that cyber security threats are mitigated. We investigate different types of incidents and use tools to block malicious links, evaluate potentially problematic programs, and enforce security controls.  The primary focus for incident response is to detect the compromises and respond to the incidents as quickly and efficiently as possible.

However, a good cybersecurity posture includes participation from the entire Fermilab community – everyone must contribute to maintain a secure computing environment for all. As such, we ask everyone to actively participate in reporting security incidents as they are faced with them.

We define a cybersecurity incident as any potential issue that could cause a breach of our network. This includes, but is not limited to, the following:

  • Malicious code attacks, such as viruses, Trojans, and exploit kits
  • Probes and network mapping
  • Unauthorized access or intrusions
  • Unauthorized utilization or misuse of services
  • Denial of service (DOS)
  • Espionage
  • Hoaxes
  • Cyberstalking
  • Fraud and identity theft
  • Stolen property
  • Phishing scams
  • Virus/Trojan/malware Infection
  • Physical insecure placements of passwords, usernames, and other confidential information
    • Examples include but not limited to: Passwords on sticky notes attached to monitors or written on white boards

The following are not security incidents, but may be line management issues:

  • Someone peering over your desk, giving you a stink eye
  • Losing office keys
  • Browsing pornography
  • Implementing security fixes or patches on machines


Please report any security incidents:


Call: x2345