In Cybersecurity Incidents

  • What it is

    A cybersecurity incident is a data breach and can leave your agency, its data, and your operations vulnerable. 

  • How it can happen

    Cybersecurity breaches can occur through phishing emails, malware-based attacks, intercepted networks, DoS or DDoS attacks on a server, internal threats, and more.

  • What it looks like

    Signs of an attack can include unusual activity on your network, slow or unresponsive systems, or ransomware messages that might state a payment is required to release your data. When this occurs, government entities must report the incident within an hour. See reporting steps below for state agencies and local government entities.

    Cyber incidents fall under the following categorizations:

    • Severity 1 - Critical business high impact, or no availability.
    • Severity 2 - Critical business medium impact, or some, but not all, critical systems are available.

How to report a cybersecurity incident:

For state agencies

If your agency experiences a cyber attack, you should report the incident within an hour of recognizing the issue, and take several steps to limit the damage and prevent additional attacks.

  • First, contain the attack. Isolate the device, such as a server, laptop, or desktop computer. This may involve disconnecting affected devices from the network or shutting down systems to prevent the spread.
  • While the attack is being contained, contact the Georgia Technology Authority (GTA) help desk at (877) 482-3233, Option 2, available 24/7. Report the event using the phrase, “Declaring a Cyber-Security Event.” The help desk staff will request an agency point person during the call.
  • You will be given guidance regarding any further action needed or additional resources to coordinate. The agency point person will receive communication until the incident is closed.

For local government entities

Every county, municipal corporation, school district, or other political subdivision of the state should contact their local emergency management agency (EMA) for assistance within an hour of recognizing the issue.

Relevant legislation:

Georgia House Bill (HB) 156

On March 25, 2021, Governor Brian Kemp signed Georgia House Bill (HB) 156 into law. HB 156 facilitates the sharing of information related to cyberattacks on state government entities. Additionally, a reporting mandate states that all governmental agencies and utilities must "report any cyberattacks to the director of emergency management and homeland security." Language from the bill's summary is below:

A bill to be entitled an act to amend titles 38 and 50 of the official code of Georgia annotated, relating to military, emergency management, and veterans affairs and state government, respectively, so as to facilitate the sharing of information and reporting of cyberattacks; to require governmental agencies and utilities to report any cyberattacks to the director of emergency management and homeland security; to provide for definitions; to provide for the director to promulgate certain rules and regulations; to provide for proceedings related to cybersecurity to be held in executive session; to provide for certain information, data, and reports related to cybersecurity and cyberattacks to be exempt from public disclosure and inspection; to provide for related matters; to provide for an effective date; to repeal conflicting laws; and for other purposes.

A PDF version of the bill is below: