One of CESG’s roles is to minimize the risk and effects of electronic attack to the Government community. As CESG's Computer Emergency Response Team, GovCertUK assists Government departments and organisations in the recovery from a computer security incident. We gather data from all available sources to monitor the general threat level and focus. For these reasons the early reporting of incidents and attempted attacks is highly recommended

To assist in the identification and categorisation of an event please read GovCertUK's Incident Response Guidelines (pdf) for further information and guidance.

Reporting Process

Incidents should be reported by the Departmental Security Officer, or equivalent (or an individual authorized by the DSO). We recommend that you telephone number 01242 709311 for an initial response, which should be followed up with an email to incidents@govcertuk.gov.uk using the incident template (doc).

During office hours (0830 -1700) all correspondence is monitored by the GovCertUK response team. Outside office hours, at weekends and on public holidays all correspondence will be monitored by a non-specialist duty officer, supported by on-call GovCertUK response personnel. When speaking to the duty officer, please be clear that the call is for GovCertUK.

Where possible as much supporting information as possible should be supplied, such as log files, internal/external IP addresses, affected Operating Systems, patch levels and policy etc.

How to submit malware samples to GovCertUK

All samples should be sent by carefully following the procedures below:

NB: Any classified samples from Government departments should be burnt to CD/DVD, appropriately labelled and sent via a tracked delivery service to:
GovCertUK
A2f
CESG
P.O. Box 144
Cheltenham
Gloucestershire
GL51 0EX
UK

Printer friendly pdf version of this page