Report an Incident
The E-ISAC receives physical security, cybersecurity, and operational security event and incident reporting from the electricity sector and bulk power system entities. The E-ISAC is the organization that receives all CIP-008 security incident reporting. Requirement R1.3. reads: “The Responsible Entity must ensure that all reportable Cyber Security Incidents are reported to the E-ISAC either directly or through an intermediary.”
 
Reporting
For confidential security collaboration with the E-ISAC, use one or both of the following primary contact methods (24/7):
     -   Phone:  404-446-9780 (Press 2)
     -   Email:   operations@eisac.com
 
Please encrypt any sensitive information prior to emailing. The E-ISAC public PGP encryption key is available here. If you want to use another encryption package, please call the number above to share the password.
 
Reliability Coordinator Information System (RCIS): NERC Reliability Coordinators have the option to use this secure messaging system for event and incident reporting. Use of RCIS is limited to Reliability Coordinators and shared with the E-ISAC.
 
One of the following forms should be used to report your threat or incident: 
  • OE-417 Form;
  • Event Reporting Form found in NERC Reliability Standard EOP-004-2 [Download];
  • Security Guideline Threat and Incident Reporting Form [Download]; or
  • Free Form or your own reporting form as an email to the operations@eisac.com address.
For more information on incident reporting, visit: 
  • NERC Reliability Standard CIP-008-3: Cyber Security - Incident Reporting and Response Planning View >>
  • NERC Reliability Standard EOP-004-2: Event Reporting View >>
  • U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, OE-417 View >>
  • Security Guideline for the Electricity Sector: Threat and Incident Report View>>

Additional E-ISAC portal functionality is available on the Portal at www.eisac.com.

 

 
 
 

 

 
 
​​