How to Use the CyberINS Tool

Introduction

INSCT’s cyber tool for identifying incidents of national significance (Cyber NSID) is a rule-based cyber reporting system that identifies events of national security significance. Cyber NSID assesses United States Computer Emergency Readiness Team (US-CERT) incident reports to generate both 1) a database of significant cyber activity; and 2) assessments of severe events.

To view these instructions as a PDF, click here.

To View Incidents

View Incidents

 

  1. Select the appropriate data source from the Source drop-down menu. There are two datasets listed: US-CERT and US-CERT II. The most up-to-date information, reflecting the new DHS classification system, can be found in US-CERT II.
  2. Incidents can be sorted by Score, Gross Score, Date, or Keyword search.
  3. Users may jump to a specific page of incidents by selecting the desired page number from the Page drop-down menu.

Scoring Rules

Users can familiarize themselves with our scoring rules for determining a cyber-incident of national significance.

http://cyberins.insct.org/rules/view-rules/

Definitions

User

Users are visitors to this website. The following functions do not require a user login.

Editor

Editors are website adminstrators from the INSCT team who can log into the content management system.

For Administrators

Manually Add an Incident

This page includes a form to input a new incident. After filling out each field with the relevant incident information, the editor can click Save to submit his/her work.

http://cyberins.insct.org/incidents/edit-incident/

Edit or Delete an incidentEdit or Delete an Incident

In the View Incidents page, after expanding the incident detailed information, the editor can see an “Edit & Delete” button. By clicking it, the editor can edit or delete this incident on the page, which is the same as the page in the preview section.

Import Incidents

http://cyberins.insct.org/incidents/import-incidents/

In the current version, this tool supports two sources, US-CERT and US-CERT II. The editor can follow the steps below to import incidents.
1.    Select the source.
2.    Select a given overall-rating, or N/A.
3.    Copy the incident from excels or CSV files, and paste on the text box below.
4.    Click “Save.”
A message will appear in red text at the top of the page to confirm that the data has been imported and saved.

Add a New Rule

http://cyberins.insct.org/rules/edit-rule/

This page includes a form to input a new rule. Some of the fields provide hints. After filling the form, the editor can click “Save” to submit his/her work.

Edit or Delete a rule

In the “view rule” page, editor can see “Edit & Delete” buttons. By clicking them, it will redirect to the rule form, the same as what in the previous section.

Edit or Create new pages

The editor can create a new page to add to the site menu:

  1. By clicking the “Dashboard” on the top, go to dashboard.
  2. If the editor wants to edit a page, click “All Pages,” and select the desired page. Otherwise, click “Add New.” Select the “template” as “Full-width Page Template, No Side bar”, and click ”Update.”
  3. Go to “Appearance” > “Menus,” to insert the newly published page into the site menu.