The Emergency Services Sector Cybersecurity Initiative is an ongoing effort to enable the Emergency Services Sector (ESS) to better understand and manage cyber risks and to coordinate the sharing of cyber information and tools between subject matter experts (both inside and outside the federal government) and the ESS disciplines.
Emergency Services Sector Cybersecurity Best Practices
The Emergency Services Sector Cybersecurity Best Practices is a fact sheet to assist ESS organizations and personnel to better protect themselves by implementing some simple, effective, low-cost measures. In addition to general cybersecurity practices, it also addresses best practices for social networking, email, Wi-Fi, and Bluetooth.
Emergency Services Sector-Cyber Risk Assessment
The Emergency Services Sector-Cyber Risk Assessment (ESS-CRA) is the first sector-wide assessment that analyzes strategic cyber risks to ESS infrastructure. The ESS-CRA results will help the sector understand and manage cyber risks, and provide a national-level risk profile that ESS organizations can use to prioritize how they spend resources and where to focus training, education, equipment investments, grant requests, and further study.
Emergency Services Sector Roadmap to Secure Voice and Data Systems
The follow-up to the Emergency Services Sector-Cyber Risk Assessment (ESS-CRA), the Emergency Services Sector Roadmap to Secure Voice and Data Systems, identifies and discusses proposed risk mitigation measures to address the risks identified in the ESS-CRA.
Enhanced Cybersecurity Services
Enhanced Cybersecurity Services (ECS) is a voluntary, information-sharing program that helps the Emergency Services Sector improve protection of its systems from unauthorized access, exploitation, or data exfiltration. The ECS information sharing process protects critical infrastructure entities against cyber threats that could otherwise harm their systems.
Cyber Resilience Review
The Cyber Security Evaluation Program conducts no-cost, voluntary Cyber Resilience Reviews (CRR) to evaluate and enhance cybersecurity capacities and capabilities within all 16 critical infrastructure sectors, as well as state, local, tribal, and territorial governments. The CRR seeks to understand cybersecurity critical for an organization’s success by focusing on protection and sustainment practices within ten key domains that contribute to the overall cyber resilience of an organization.
Executive Order 13636 and Presidential Policy Directive 21
Facing threats to our nation from cyber-attacks that could disrupt our power, water, communications, and other critical systems, the President issued Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD) 21: Critical Infrastructure Security and Resilience. These policies reinforce the need for holistic thinking about security and risk management. Implementation of the EO and PPD will drive action toward system and network security and resiliency, while simultaneously enhancing the efficiency and effectiveness of the U.S. government’s efforts to secure critical infrastructure and make it more resilient.
Emergency Services Sector Cybersecurity Framework Implementation Guidance
The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework) in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk. The Framework enables an organization—regardless of its sector, size, degree of risk, or cybersecurity sophistication—to apply the principles and effective practices of cyber risk management to improve the security and resilience of its critical infrastructure.
The U.S. Department of Homeland Security (DHS), as the Sector-Specific Agency (SSA), worked with the Emergency Services Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) to develop the Emergency Services Sector Cybersecurity Framework Implementation Guidance specifically for Emergency Services Sector organizations. This Implementation Guidance provides Emergency Services Sector organizations with:
- Background on the Framework terminology, concepts, and benefits of its use.
- A mapping of existing cybersecurity tools and resources used in the Emergency Services Sector that can support Framework implementation.
- Detailed Framework implementation steps tailored for Emergency Services Sector owners and operators.
For more information, contact the Emergency Services Sector-Specific Agency at firstname.lastname@example.org.