SAFECOM Develops Cyber Risk Assessment Guide for Public Safety


Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), SAFECOM Cybersecurity Working Group Federal Lead

Risk assessments are one of the most straightforward and effective processes to help organizations understand and prioritize their cybersecurity needs. As public safety communications continue to integrate new technologies, the cyberattack surface becomes broader and more complex. To help public safety strengthen overall operational and cyber resiliency, SAFECOM has developed the Guide to Getting Started with a Cyber Risk Assessment. The document highlights six recommended assessment steps:

  1. Identify and document network asset vulnerabilities
  2. Identify and use sources of cyber threat intelligence
  3. Identify and document internal and external threats
  4. Identify potential mission impacts
  5. Use threats, vulnerabilities, likelihoods, and impacts to determine risk
  6. Identify and prioritize risk responses

In addition, the document provides tables accompanying the relevant assessment steps, which users can customize with contact information. Links to resources, categorized by assessment step, are also included to further help organizations prepare for and conduct a cyber risk assessment. While this guide provides an example of a cyber risk assessment structure, it is not a comprehensive list of all available resources and methods.

For questions about the Guide to Getting Started with a Cyber Risk Assessment, please contact or visit the Public Safety Communications and Cyber Resiliency Toolkit for additional public safety communications and cybersecurity resiliency resources.