The Department of Homeland Security’s (DHS) Enhanced Cybersecurity Services (ECS) — a voluntary program that shares indicators of malicious cyber activity between and participating Commercial Service Providers (CSPs) and Operational Implementers (OIs) – has concluded a Privacy Impact Assessment (PIA) Update to reflect ECS’ support by Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the expansion of service beyond Critical Infrastructure sectors to all US-based public and private entities, and to introduce the new Netflow Analysis service.
Executive Order 13636, issued on February 12, 2013 directed federal departments and agencies to work together and with the private sector to strengthen the security and resilience of the nation’s critical infrastructure.
Specifically, the order supported the ECS effort and services as expanded to include all 16 US critical infrastructure (CI) sectors.
According to the PIA, “As a result of ongoing, high-profile cyber attacks and the increased sophistication of our adversaries, DHS has continued to expand ECS beyond CI entities to include all US-based public and private entities. The description of the program articulated in the January 2013 PIA remains unchanged by the [Executive Order], and DHS continues to share indicators of malicious activity (known as Government Furnished Information (GFI)) with approved CSPs and OIs. The CSPs use GFI to protect their ECS customers who are US-based public and private entities.”
The initial implementation of ECS involved two cyber threat services: DNS Sinkholing and Email Filtering.
According to DHS, “ECS will offer further protections to US-based public and private sector entities utilizing GFI with a new service called Netflow Analysis,” which “is meant to provide entities with near real‐time actionable alerts based on GFI, which would allow for the mitigation/remediation of incidents that could have otherwise gone unnoticed.”
“This new capability,” DHS explained, “will involve the CSPs working with their customers to receive netflow records from across their enterprise that will show traffic flows and volume.
CSPs will then use GFI to detect instances of malicious activity occurring on their customers’ networks. The Netflow Analysis service will operate in passive mode and will not be able to automatically modify or block malicious traffic.”
Like other ECS services, DHS said, Netflow Analysis can be acquired via CSPs by subscribing customers as a stand‐alone service without requiring the CSP to serve as a customer’s Internet Service Provider.
“Netflow Analysis will be available on a strictly voluntary basis, with CSP/OI partners responsible for implementation,” DHS stated.
DHS previously described the use of GFI for services in a January 16, 2013 ECS PIA.
