The US Coast Guard has published a Policy Letter regarding the criteria and process for the reporting of suspicious activity and breach of security. In the policy letter (link at bottom) the USCG said that it recognized that the cyber domain included
“countless malicious but low-level events that are normally addressed via standard anti-virus programs and similar protocols”. It therefore says that operators “should only report events that are out of the ordinary in terms of sophistication, volume, or other factors which, from the operator’s perspective, raise suspicions”.
USCG said that the purpose of reporting was to promote security. In some cases therefore it might be appropriate for an organization to provide only the most basic information to the NRC and to provide further details directly to the COTP, Federal Bureau of Investigation (FBI), and other organizations with a need to know. The details of any security vulnerabilities revealed by the event need not be discussed during an initial report. The Coast Guard said that it would “work with the reporting source and with other appropriate authorities to assess and respond to the report.” http://www.swedishclub.com/media_upload/files/Member%20Alerts/2017/CG-5P%20Policy%20Letter%2008_16.pdf