As part of our efforts to share timely and actionable cyber threat information with the private sector, the Department of Homeland Security (DHS) has expanded the Enhanced Cybersecurity Services (ECS) program beyond those entities classified as “critical infrastructure” to all interested U.S.-based public and private organizations. ECS solves a difficult challenge for the U.S. government: sometimes, the government has information so sensitive that the information is classified. If information is classified, we cannot share it broadly with the private sector to let companies protect themselves.
The solution is ECS. Through ECS, DHS shares sensitive and classified cyber threat indicators from across government with Commercial Service Providers (CSPs). In turn, these CSPs, use this information to protect their customers from cyber threats. CSPs are thus a managed security service: a company can pay to receive the security service that these CSPs offer.
ECS provides an invaluable layer of defense to augment an organization’s existing capabilities for protecting against unauthorized access and data exfiltration.
Until recently, this program was only available to those companies that DHS certified as “critical infrastructure.” With this expansion, CSPs are able to offer ECS services available to all interested U.S.-based public and private organizations.
Since its launch in 2013, ECS has detected more than 800,000 indicators of malicious cyber activity. It has proven to be a highly effective part of a layered defense, and I recommend it for any organization seeking to implement additional protections against sophisticated threats.
There are currently three approved ECS CSPs: AT&T, CenturyLink, and Verizon. U.S.-based companies interested in participating in ECS can reach out to one of these CSPs and learn more about the program:
DHS does not endorse any one particular service or business.