Enhanced Cybersecurity Services (ECS)

The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that is available to U.S.-based entities and State, Local, Tribal, and Territorial (SLTT) organizations. DHS partners with service providers that build and maintain classified systems capable of protecting ECS customer networks against unauthorized access, exploitation, and data exfiltration. ECS follows a managed security service model whereby DHS shares sensitive and classified cyber threat information with accredited ECS commercial service providers. These commercial service providers in turn use that information to detect and block malicious traffic from entering or exiting customer networks. ECS is meant to augment, not replace, an ECS customer's existing cybersecurity capability.

Benefits of ECS

  • ECS is a fast way to protect your organization using government information.
    • As soon as a threat is known to DHS, it is deployed through ECS - and immediately detects and/or blocks that threat on your network.
  • ECS is the only cybersecurity capability on the commercial market that uses sensitive and classified cyber threat information to protect networks.
    • ECS is the only way you can operationalize classified information to immediately protect your network.
  • ECS is a cost effective way to further enhance your network protections.
    • With ECS, your organization will benefit from the protections associated with sensitive/classified CISA- sourced intelligence.
  • If you are a state or local organization, ECS is potentially reduced or free to you.
    • State and Local organizations may be eligible to apply for FEMA Homeland Security Grant Program funds (through their respective state grant administrative agencies), in order to pay for ECS.

Service Offerings

The ECS program currently offers three services:

  • Domain Name Service (DNS) Sinkholing, which blocks access to specified malicious domain names;
  • Email (SMTP) Filtering, which blocks email with specified malicious criteria from entering a network; and
  • Netflow Analysis, which uses passive detection to provide customers with near real-time alerts of malicious activity on their network. 

The ECS program continues to consider additional service offerings that can use government-vetted cyber threat indicators to enhance the protection of U.S.-based organizations.


The ECS program embeds privacy protections into all of its operations. ECS does not monitor any private networks or collect any communications, directly or by proxy. DHS uses the Fair Information Practice Principles (FIPPs) to assess and mitigate impacts on an individual’s privacy. DHS has conducted and published a Privacy Impact Assessment (PIA) for the ECS program. To read more about the FIPPs, the ECS PIA, and related cyber programs, visit DHS's Cybersecurity and Privacy page.

Eligibility & Enrollment

All U.S.-based public and private entities, including state and local governments, are eligible to enroll in ECS. Program participation is voluntary and designed to protect government intelligence, corporate information security, and the privacy of participants. Three providers are accredited to provide ECS:

U.S.-based entities or SLTT organizations interested in participating or learning more about service-level options and agreements should contact an ECS commercial service provider directly.

Contact Information

For general program information, contact ECS_Program@cisa.dhs.gov. For specific information about enrollment, pricing, or service options, please contact the ECS commercial service providers listed above.

Was this webpage helpful?  Yes  |  Somewhat  |  No