This website, along with other cybersecurity offerings, seeks to assist APCO members in identifying and mitigating the risks from cybersecurity incidents. Our primary focus is to provide information that should assist with detecting, analyzing, and responding to incidents.

APCO Resources

APCO Perspectives

  • Cyber Threat Prep

    Cybersecurity in the ECC requires educating personnel about the risks.

  • Cyber and Physical Security in the ECC

    The two types of security are connected, and we can take steps to enhance both.

  • Why Cyber Hygiene Matters

    These are the practices ECCs can use to defend against the threat of cyber criminals.

  • APCO International’s Definitive Guide to Next Generation 9-1-1: Security Section

    The implementation of NG9-1-1 technology provides ECCs with the opportunity to take a holistic approach to cybersecurity protections. ECCs will need to ensure that their technical and operational cybersecurity protocols are sufficient for both an NG9-1-1 and a legacy environment.

  • APCO International’s Definitive Guide to Next Generation 9‑1‑1

    The comprehensive guide takes a forward-looking approach to Next Generation 9-1-1 (NG9-1-1) to address what emergency communications centers (ECCs) and professional staff from telecommunicators to directors need to make informed decisions now and in the future.

  • Why Cybersecurity Matters

    When implementing new systems and networks, ECCs should always consider cybersecurity measures in the initial plans in order to ensure that sensitive data is secured.

  • Cybersecurity Is Everyone’s Responsibility

    It is important that every agency or organization develop guidelines on establishing effective cybersecurity strategies to include training, awareness, and incident response programs.

  • Broadband Implications for the PSAP: Cybersecurity

    Cybersecurity presents one of the most complex challenges for emergency communications centers in a broadband environment. This section of APCO’s P43 Report discusss the current and future threat, cybersecurity concepts, findings and high level recommendations.

Cybersecurity Committee

  • Cyber Insurance Whitepaper for Public Safety Agencies

    Cybersecurity insurance is an option that many public safety agencies should consider. This whitepaper is intended to provide information on why you may need it, what it is, and the factors that affect its cost and availability.

  • ECC Cybersecurity and Incident Handling Resources

    A range of resources and tools to ensure an ECC is prepared to deploy a rapid response plan to a cybersecurity incident. The resources and services can help ECCs assess their cyber resilience, improve their security posture, and respond effectively to cyber threats.

  • Ransomware 101: What Emergency Communications Leadership Needs to Know

    Knowing how to protect your public safety answering point (PSAP)/emergency communications center (ECC) from a ransomware attack is vital.

  • The TFOPA Cybersecurity Strategy How to Implement at Your ECC

    Most ECC boards and directors realize there is a crisis but do not know where to begin to create a strong cyber defense strategy. Luckily, there have been several efforts designed to provide guidance on managing cybersecurity in the ECC, most notably the FCC’s Task Force on Optimal PSAP Architecture (TFOPA).

  • Three High-Value, Low-Cost Strategies to Strengthen ECC Cyber Defense Strategy

    From small, two-seat centers scattered throughout the country in rural areas, to large, multijurisdictional regional dispatch centers in heavily populated metropolitan areas, our nation’s ECCs are under a relentless, ever-increasing onslaught of cyber-attacks.

  • Cybersecurity Attacks: Detection and Mitigation

    An accessible best practices guide to implementing effective cybersecurity policies and procedures within the ECC.

  • Top 5 Cyber-Defense Practices for 9-1-1

    A list of top cyber-defense practices that ECC’s across the US have used to successfully defend against and recover from cyberattacks.

  • Cybersecurity Readiness Checklist

    This checklist order will vary for each ECC and each agency will prioritize the list differently.

  • Who Should Own And Drive Cybersecurity in the ECC

    While everyone has a role to play in a successful cybersecurity strategy there needs to be someone ultimately responsible for driving it and has their finger on the pulse of how well the strategy is being executed, providing guidance where required, changing course when new threats arise, planning for breaches and executing on those plans […]

Federal Resources

US Department of Homeland Security / Cybersecurity and Infrastructure Security Agency

  • CISA, NSA, FBI, and MS-ISAC Publish Phishing Guidance Document

    This joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both ECC network defenders and ECC software manufacturers.

  • People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

    The authoring agencies have observed People’s Republic of China-linked cyber actors leveraging this exploitation of routers to pivot from global subsidiary companies to corporate headquarters networks in the US and Japan. Several specific detection and mitigation methods are provided in this CSA.

  • CISA and FBI Alert for Identification and Disruption of QakBot Infrastructure

    This document provides guidance to critical infrastructure on specific indicators of compromise (IOCs) for QakBot-related activity.

  • CISA Creates Webpage for Apache Log4j Vulnerability

    The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently created a website to track and respond to the active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.

  • Department of Homeland Security Cybersecurity Resources

    The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services.

  • Stop. Think. Connect

    The Stop.Think.Connect. Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.

  • United States Computer Emergency Readiness Team (US-CERT)

    US-CERT offers mailing lists and feeds for a variety of products including the National Cyber Awareness System and Current Activity updates. The National Cyber Awareness System was created to ensure that you have access to timely information about security topics and threats.

  • CISA Emergency Communications Resources

    CISA ensures public safety and national security and emergency preparedness communities can seamlessly and securely communicate during steady state and emergency operations to keep America safe, secure, and resilient.

  • National Terrorism Advisory System (NTAS)

    In 2011, the Department of Homeland Security (DHS) replaced the color-coded alerts of the Homeland Security Advisory System (HSAS) with the National Terrorism Advisory System (NTAS), designed to more effectively communicate information about terrorist threats by providing timely, detailed information to the American public

  • National Cybersecurity Awareness Month

    National Cybersecurity Awareness Month (NCSAM), in October, raises awareness about the importance of cybersecurity across our nation, ensuring that all Americans have the resources they need to be safer and more secure online.

  • Cybersecurity & Infrastructure Security Agency Catalog

    CISA leads the nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services and American way of life. The CISA Services Catalog is a single resource that provides users with access to information on services across all of CISA’s mission areas that are available to […]


Communications Security, Reliability, and Interoperability Council (CSRIC)

  • Communications Security, Reliability and Interoperability Council (CSRIC)

    The Communications Security, Reliability and Interoperability Council’s (CSRIC) mission is to provide recommendations to the FCC to ensure, among other things, optimal security and reliability of communications systems, including telecommunications, media, and public safety.

  • CSRIC WG7: Cybersecurity Workforce Development Best Practices Recommendations

    The mission of the Communications Security, Reliability and Interoperability Council (CSRIC) is to provide recommendations to the Federal Communications Commission (FCC) to ensure, among other things, optimal security and reliability of communications systems. Working Group 7 of the CSRIC V is specifically chartered to provide recommendations for the CSRIC’s consideration regarding any actions the FCC […]

  • CSRIC WG6: Best Practices Recommendations for Hardware and Software Critical to the Security of the Core Communications Network

    This CSRIC V Working Group 6: Secure Hardware and Software – Security-by-Design (Working Group 6) was formed and tasked with developing voluntary recommendations and best practices to enhance the security of hardware and software in the core public communications network. In a separate report in September of 2016, the Working Group provided voluntary mechanisms to […]

  • CSRIC WG6: Secure Hardware and Software: Security-by-design

    CSRIC V WG6 was tasked with developing voluntary recommendations and best practices to enhance the security of hardware and software used in communications critical infrastructure. The working group was also tasked with a second deliverable, to develop a voluntary attestation framework that could be used by companies to demonstrate the success of the recommendations/best practices.

  • CSRIC WG5: Cybersecurity Information Sharing: Information Sharing Barriers

    CSRIC V Working Group 5 (WG5) is currently tasked with identifying and assessing perceived technical, legal, financial, consumer/market, operational, and/or organization impediments to cyber threat information sharing and/or the implementation of the prospective use cases

  • CSRIC WG5: Cybersecurity Information Sharing

    Working Group 5 (WG 5), Cybersecurity Information Sharing, was tasked with developing recommendations to the Federal Communications Commission (FCC or the Commission) to encourage sharing of cybersecurity information between companies in the communications sector. This report represents the culmination of multiple work streams highlighting the robust level of information sharing that is already underway within […]

Department of Justice (DOJ) / Federal Bureau of Investigation (FBI)

  • CISA and FBI Alert for Identification and Disruption of QakBot Infrastructure

    This document provides guidance to critical infrastructure on specific indicators of compromise (IOCs) for QakBot-related activity.

  • 2022 Internet Crime Report

    In 2022, the IC3 received 800,944 complaints, which is a 5 percent decrease from 2021. However, the potential total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022.  [MA1]Add to top of this section and remove the other

  • FBI: Cyber Crime

    The FBI is the lead federal agency for investigating cyber attacks and intrusions. Learn more about what you can do to protect yourself from cyber criminals, how you can report cyber crime, and the Bureau’s efforts in combating the evolving cyber threat.

  • Common Scams & Crimes: Internet Fraud

    Frequent instances of Internet fraud include business fraud, credit card fraud, internet auction fraud, investment schemes, Nigerian letter fraud, and non-delivery of merchandise.

  • Scams & Safety on the Internet

    Learn tips for protecting your computer, the risk of peer-to-peer systems, the latest e-scams and warnings, Internet fraud schemes, and more.

  • FBI Internet Crime Complaint Center IC3

    The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes […]

  • 2020 Internet Crime Report

    The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. The report includes COVID-19 scam and state-specific statistics.

Laws Related to Cybersecurity

Other Resources