The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) program is a voluntary information sharing program that assists U.S.-based public and private entities as they improve the protection of their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cybersecurity organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information. DHS develops cyber threat indicators based on this information and shares them with qualified CSPs, thus enabling them to better protect their customers. ECS augments, but does not replace, entities’ existing cybersecurity capabilities.
The ECS program does not involve government monitoring of private networks or communications. Under the ECS program, information relating to threats and malware activities detected by the CSPs is not directly shared between CSP customers and the government. However, when a CSP customer voluntarily agrees, the CSP may share limited and anonymized information with ECS.
The ECS program was originally expanded in February 2013 by Executive Order 13636 - Improving Critical Infrastructure Cybersecurity, to extend ECS to all 16 critical infrastructure sectors. As a result of increased demand and need for cybersecurity protection across the nation, the program has expanded further and now allows approved Commercial Service Providers (CSPs) to extend their ECS customer base to all U.S.-based public and private entities.
For more information on the ECS program, view the ECS Program Fact Sheet.
U.S.-Based Public and Private Entities
Most entities already utilize publicly available commercial cybersecurity solutions to protect their networks. The ECS program offers an enhanced approach to protecting these entities by providing U.S. Government cyber threat indicators. This approach supports the delivery of enhanced capabilities to eligible U.S.-based public and private entities.
Participation in the program is voluntary and is designed to protect government information, corporate information security, and the privacy of participants while enhancing security. All U.S.-based public and private entities are eligible to participate in the ECS program and receive ECS services from qualified CSPs.
Commercial Service Providers
CSPs receive cyber threat indicators from DHS and use them to offer specified services to their customers in a secure environment in order to ensure the security of government furnished information.
CSPs deliver services to eligible U.S.-based public and private entities through commercial relationships. The ECS program is not involved in establishing the commercial relationships between CSPs and its potential customers. The following CSPs are currently approved to provide ECS services:
- AT&T (email@example.com)
- CenturyLink (firstname.lastname@example.org)
- Lockheed Martin (email@example.com)
- Verizon (firstname.lastname@example.org)
Sector Specific Agencies
Sector Specific Agencies (SSAs) and DHS form a critical partnership within the ECS program. The role of SSAs is to leverage existing relationships with critical infrastructure entities to expand and improve ECS. SSAs are also responsible for helping to characterize risks and threats unique to critical infrastructure entities in their respective sectors. This characterization will enable the federal government to deliver the most effective indicators relevant to ECS Protected Entities. SSAs also serve as a vital conduit to DHS for data leading to requirements that will drive the development of ECS program capabilities.
Privacy and Civil Liberties
DHS embeds privacy protections and provides transparency in all of its cyber activities. DHS uses the Fair Information Practice Principles (FIPPs) to assess and mitigate impacts on an individual’s privacy. DHS has conducted and published a Privacy Impact Assessment (PIA) for the ECS program. To read more about the FIPPs, the ECS PIA, and related cyber programs, visit DHS's Cybersecurity and Privacy page.
For more information, contact ECS_Program@hq.dhs.gov.