Protecting critical infrastructure against growing and evolving cyber threats requires a layered approach. The Department of Homeland Security (DHS) actively collaborates with public and private sector partners every day to respond to and coordinate mitigation efforts against attempted disruptions and adverse impacts to the nation’s critical cyber and communications networks and infrastructure.
As the federal government’s lead agency for coordinating the protection, prevention, mitigation, and recovery from cyber incidents, DHS works regularly with business owners and operators to strengthen their facilities and communities. To accomplish this, the DHS Enhanced Cybersecurity Services (ECS) program was expanded in February 2013 by Executive Order - Improving Critical Infrastructure Cybersecurity.
ECS is a voluntary information sharing program that assists critical infrastructure owners and operators as they improve the protection of their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cybersecurity organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information. DHS develops indicators based on this information and shares them with qualified Commercial Service Providers (CSPs), thus enabling them to better protect their customers who are critical infrastructure entities. ECS augments, but does not replace, an entities’ existing cybersecurity capabilities.
The ECS program does not involve government monitoring of private networks or communications. Under the ECS program, information relating to threats and malware activities detected by the CSPs is not directly shared between the critical infrastructure CSP customers and the government. However, when a CSP customer voluntarily agrees, the CSP may share limited and anonymized information with ECS. See the Privacy Impact Assessment below for more details.
Critical Infrastructure Entities
Most critical infrastructure entities already utilize cybersecurity providers to protect their networks. The ECS program offers an enhanced approach to protecting these entities by supplementing existing services and commercial capabilities with U.S. Government cyber threat information. This approach supports the delivery of enhanced capabilities to eligible participants from all sectors.
Participation in the program is voluntary and is designed to protect government information, corporate information security, and the privacy of participants, while enhancing the security of critical infrastructure. Validated entities from all critical infrastructure sectors are eligible to participate in the ECS program and receive ECS services from qualified CSPs. DHS validates entities that express an interest in participating in ECS (“candidate Entities”) using the below criteria to evaluate their eligibility to participate in ECS:
The candidate Entity must be:
1) Determined by a Sector Specific Agency or by the Department of Homeland Security to be an owner or operator of systems or assets that meet the legal definition of United States Critical Infrastructure as defined in Federal law (i.e., 42 U.S.C. § 5195c(e), which defines Critical Infrastructure as, “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters”), or
2) United States non-federal government entity (e.g. state/ municipal government entities)
To learn more about becoming a validated critical infrastructure entity, please contact the ECS Program Management Office at ECS_Program@HQ.DHS.gov.
Commercial Service Providers
CSPs receive threat information from DHS and use it to offer specified services to their critical infrastructure customers in a secure environment in order to ensure the security of government furnished information.
CSPs deliver services to eligible customers through commercial relationships. The ECS program is not involved in establishing the commercial relationships between CSPs and validated critical infrastructure entities. As of February 2013, the following CSPs are approved to provide ECS services to critical infrastructure entities:
DHS is working with several additional providers who seek to offer enhanced cybersecurity services to entities. To learn about becoming a CSP, please contact ECS_Program@HQ.DHS.gov.
Sector Specific Agencies
Sector Specific Agencies (SSAs) and DHS form a critical partnership within the ECS program. The role of the SSA is to leverage existing relationships with critical infrastructure entities to expand and improve ECS. The SSA is also responsible for helping to characterize risks and threats unique to critical infrastructure entities in their respective sectors. This characterization will enable the federal government to deliver the most effective indicators relevant to ECS protected entities based upon the unique threat environment of their sector. SSAs also serve as a vital conduit to DHS for data leading to requirements that will drive the development of ECS program capabilities.
Privacy and Civil Liberties
DHS embeds and enforces privacy protections and transparency in all its activities and uses the Fair Information Practice Principles (FIPPs) to assess and mitigate any impact on an individual’s privacy. DHS has conducted and published a Privacy Impact Assessment for the ECS program. DHS also ensures that ECS and all of its cybersecurity activities are structured in a way that ensures individual rights are protected.
For more information, contact ECS_Program@HQ.DHS.gov.