In its ongoing efforts to counter cybersecurity incidents, the Cybersecurity and Infrastructure Security Agency (CISA) announced this week a new module called the Ransomware Readiness Assessment (RRA) within its CSET tool. The RRA package allows for self-assessment and is based on a tiered set of practices to help organizations better assess how well they are equipped to defend against and recover from a ransomware incident.
CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. It helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
The Cyber Security Evaluation Tool (CSET) is a desktop software tool that guides network defenders through a step-by-step process to evaluate the cybersecurity practices on their networks. Applicable to both IT and industrial control system (ICS) networks, CSET enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.
The CSET tool also guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and IT network security practices against the ransomware threat and provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form. The information gained from assessments also provides stakeholders with the understanding and context necessary to build effective defense-in-depth processes for enhancing cybersecurity.
A key element of CISA’s risk management mission is conducting security assessments in partnership with ICS stakeholders, including critical infrastructure owners and operators, ICS vendors, integrators, sector-specific agencies, other federal departments and agencies, SLTT (state, local, tribal and territorial) governments, and international partners.
CISA works with these and other partners to assess various aspects of critical infrastructure, such as cybersecurity controls, control system architectures, and adherence to best practices supporting the resiliency, availability, and integrity of critical systems, and provides options for consideration to mitigate and manage risk.
CISA assessment products improve situational awareness and provide insight, data, and identification of control systems threats and vulnerabilities. Core assessment products and services include self-assessments using the CSET tool, onsite field assessments, network design architecture reviews, and network traffic analysis and verification.
The U.S. security agency recommends that organizations take advantage of the RRA module, which can be accessed via its GitHub page.
The ransomware module comes in the same week that CISA launched a systematized registry documenting bad cybersecurity practices that are exceptionally risky for any organization, and more dangerous still for those supporting designated critical infrastructure or national critical functions.
In June, the U.S. agency also released guidelines for critical infrastructure owners and operators to review their OT assets and control systems, following ransomware and other cyberattacks that have affected industries across sectors, disrupting operations at industrial units and within critical infrastructure segments.