White House Holiday Warning Identifies Options for Reporting Ransomware


The FBI has a prominent portal for entities to report cybersecurity incidents, but Congress is considering legislation that officials fear could change the current dynamic.

Entities experiencing any suspicious cyber activity should report incidents to either the Cybersecurity and Infrastructure Security Agency or the FBI, CISA Director Jen Easterly said in a White House press release highlighting a joint advisory from the agencies in advance of the Thanksgiving holiday break. 

“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” Easterly said in the release Monday. “We will continue to provide timely and actionable information to help our industry and government partners stay secure and resilient during the holiday season. We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”

The advisory, also released Monday, cites a track record of threat actors choosing long weekends and holidays to launch attacks. It includes the usual list of basic cybersecurity measures—such as mandating strong passwords, using multi factor authentication, and scrutinizing links before clicking—organizations should take to protect their systems. It also urges organizations to secure and monitor any services for remote work and identifying IT security personnel who would be able to respond in the event of an attack. 

But the FBI, also quoted in the White House press release, did not similarly mention CISA’s reporting mechanism, pointing only to the FBI’s Internet Crime Complaint Center, or Ic3 portal.  

“The FBI is dedicated to combating cyber-crimes targeting the American public and our private sector partners. Cyber criminals have historically viewed holidays as attractive times to strike,” said FBI Cyber Assistant Director Bryan Vorndran. “We will continue to provide cyber threat information and share best safeguard practices. We urge network defenders to prepare and remain alert over the upcoming holiday weekend and report any suspicious activity to www.ic3.gov.”

During a Nov. 16 hearing in the House Committee on Oversight and Reform, Vorndran expressed concerns that legislation which could soon become law as part of the National Defense Authorization Act would cut the FBI out of the loop by requiring private sector entities to report their cybersecurity incidents to CISA.

“We are troubled that all legislation being considered on mandatory cyber incident reporting does not explicitly account for the essential role that federal law enforcement, and notably the Department of Justice and the FBI, plays in receiving cyber incident reporting and actioning the information to assist victims and impose risk and consequences on cybercriminals,” reads Vorndran’s testimony before the committee.

The White House release and the joint advisory also promote stopransomware.gov as a one-stop-shop for federal cybersecurity resources. That website lists the U.S. Secret Service as a third option for reporting incidents.