Skip to main content

Cyber Incident Response

Contact the Michigan Cyber Command Center (MC3) at Michigan State Police if you are experiencing a cyber incident: or 877-MI-CYBER.

Michigan Cyber Partners helps organize coordinated preparation and response to cyber incidents at local public entities in Michigan.

Cyber Incident Response Planning

It is not a matter of “if”, but “when”. Given the fact that you are likely to experience some level of cyber incident at your organization, it is worth taking some time to a) think through what you might do in the event of an incident; and b) document your response plan; and c) practice!

Cyber Partners has taken a sample incident response plan in use at multiple governments in Michigan and created a template that you can use to create your own plan. We have also created a companion PowerPoint presentation that you can use in a meeting format to run a planning meeting within your organization.

Cyber Incident Response Exercises

Cyber Partners produced a series of tabletop exercise opportunities for local public entity staff on an ongoing basis. If you would like to be included, please Join Michigan Cyber Partners

If you would like to run your own cyber incident response exercise, CISA provides a collection of tabletop exercise packages.

Mini Tabletop Exercise Ideas

Below are some simple scenarios for you to discuss with your team in 15 minutes. What would you do if they happened in your organization? Try it!

  • One of your accounts gets compromised through a phishing campaign where a user gives up their credentials. What do you do in the 5-10 minutes? On the same business day? Next day or later?
  • Your boss when to a conference and sat in on a session on cybersecurity. The presenter shared information about the prevalence of cyber attacks and was shown a chart that says that 3/4 of attacks in 2022 had initial vector of external access and 1/4 was attributed to user action. The boss asks you to provide a report in one week about your organization's exposure to these risks, prevention measures in place, and your recommendation on next steps. What are they?
  • You get a call from someone identifying themselves as working for the FBI. They say that they have information from a trusted source that your organization may be compromised and further action by a threat actor may be imminent. They provide you with further information, including IP addresses where traffic may have been exfiltrated. They recommend that you look at your firewall logs for those malicious IP address to see if traffic has gone to those addresses. What do you do?

At each Cyber Partners meeting, we share a mini tabletop idea for partners to use in their organization. Join us!

Michigan Cyber Civilian Corps

The Michigan Cyber Civilian Corps (MiC3) is a group of trained, civilian technical experts who individually volunteer to provide rapid response assistance to the State of Michigan in the event of a critical cyber incident. MiC3 incident response is available after requests for assistance have been made to the Michigan Cyber Command Center(MC3). More about the Michigan Cyber Civilian Corps.