SAFECOM Publishes Guidance on Cyber Incident Response for Public Safety


Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), SAFECOM Cybersecurity Working Group Federal Lead

Related topics:

Public safety communications are at risk from a multitude of cyber threats and vulnerabilities. Due to the urgent nature of the operations, public safety communications are high-value targets for cyber threat actors. To set expectations of cyber incident response and to develop a culture of cyber readiness, SAFECOM has published the “First 48”: What to Expect When a Cyber Incident Occurs document.

Based on a series of conversations with public safety officials who have experienced cyber incidents, the document presents common themes, insights, and best practices in chronological order. Expectations, indicators of suspicious activities, and example incident response essential actions are outlined in textboxes to visually aid the understanding and anticipation of cyber incident response. The document appendices also link to additional public safety cyber resources as the interviewees stressed the importance of planning for and preparing against cyber incidents and vulnerabilities.

As responses to specific incidents vary greatly, the “First 48” provides foundational guidance on cyber incident response expectations. The public safety community is encouraged to holistically review their operational posture to ensure that they remain resilient in instances of other human-caused or natural disruptions. For questions about the “First 48”: What to Expect When a Cyber Incident Occurs, please contact Visit CISA’s Communications and Cyber Resiliency Toolkit for additional public safety communications and cybersecurity resources.