The Emergency Services Sector Cybersecurity Initiative is an ongoing effort to enable the Emergency Services Sector (ESS) to better understand and manage cyber risks and to coordinate the sharing of cyber information and tools between subject matter experts (both inside and outside the federal government) and the ESS disciplines.
Emergency Services Sector Cybersecurity Best Practices
The Emergency Services Sector Cybersecurity Best Practices is a fact sheet to assist ESS organizations and personnel to better protect themselves by implementing some simple, effective, low-cost measures. In addition to general cybersecurity practices, it also addresses best practices for social networking, email, Wi-Fi, and Bluetooth.
Emergency Services Sector-Cyber Risk Assessment
The Emergency Services Sector-Cyber Risk Assessment (ESS-CRA) is the first sector-wide assessment that analyzes strategic cyber risks to ESS infrastructure. The ESS-CRA results will help the sector understand and manage cyber risks, and provide a national-level risk profile that ESS organizations can use to prioritize how they spend resources and where to focus training, education, equipment investments, grant requests, and further study.
Emergency Services Sector Roadmap to Secure Voice and Data Systems
The follow-up to the Emergency Services Sector-Cyber Risk Assessment (ESS-CRA), the Emergency Services Sector Roadmap to Secure Voice and Data Systems, identifies and discusses proposed risk mitigation measures to address the risks identified in the ESS-CRA.
Enhanced Cybersecurity Services
The Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that is available to U.S.-based entities and State, Local, Tribal, and Territorial (SLTT) organizations.
Cyber Resilience Review
The Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization's operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.
Executive Order 13636 and Presidential Policy Directive 21
Facing threats to our nation from cyber-attacks that could disrupt our power, water, communications, and other critical systems, the President issued Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD) 21: Critical Infrastructure Security and Resilience. These policies reinforce the need for holistic thinking about security and risk management. Implementation of the EO and PPD will drive action toward system and network security and resiliency, while simultaneously enhancing the efficiency and effectiveness of the U.S. government’s efforts to secure critical infrastructure and make it more resilient.
Emergency Services Sector Cybersecurity Framework Implementation Guidance
The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework) in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk. The Framework enables an organization—regardless of its sector, size, degree of risk, or cybersecurity sophistication—to apply the principles and effective practices of cyber risk management to improve the security and resilience of its critical infrastructure.
The U.S. Department of Homeland Security (DHS), as the Sector Risk Management Agency (SRMA), worked with the Emergency Services Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) to develop the Emergency Services Sector Cybersecurity Framework Implementation Guidance specifically for Emergency Services Sector organizations. This Implementation Guidance provides Emergency Services Sector organizations with:
- Background on the Framework terminology, concepts, and benefits of its use.
- A mapping of existing cybersecurity tools and resources used in the Emergency Services Sector that can support Framework implementation.
- Detailed Framework implementation steps tailored for Emergency Services Sector owners and operators.