Report an Incident
The E-ISAC receives physical security, cybersecurity, and operational security event and incident reporting from the electricity sector and bulk power system entities. The E-ISAC is the organization that receives all CIP-008 security incident reporting. Requirement R1.3. reads: “The Responsible Entity must ensure that all reportable Cyber Security Incidents are reported to the E-ISAC either directly or through an intermediary.”
For confidential security collaboration with the E-ISAC, use one or both of the following primary contact methods (24/7):
     -   Phone:  404-446-9780 (Press 2)
     -   Email:
Please encrypt any sensitive information prior to emailing. The E-ISAC public PGP encryption key is available here. If you want to use another encryption package, please call the number above to share the password.
Reliability Coordinator Information System (RCIS): NERC Reliability Coordinators have the option to use this secure messaging system for event and incident reporting. Use of RCIS is limited to Reliability Coordinators and shared with the E-ISAC.
One of the following forms should be used to report your threat or incident: 
  • OE-417 Form;
  • Event Reporting Form found in NERC Reliability Standard EOP-004-2 [Download];
  • Security Guideline Threat and Incident Reporting Form [Download]; or
  • Free Form or your own reporting form as an email to the address.
For more information on incident reporting, visit: 
  • NERC Reliability Standard CIP-008-3: Cyber Security - Incident Reporting and Response Planning View >>
  • NERC Reliability Standard EOP-004-2: Event Reporting View >>
  • U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, OE-417 View >>
  • Security Guideline for the Electricity Sector: Threat and Incident Report View>>

Additional E-ISAC portal functionality is available on the Portal at