CISA
Critical infrastructure
News

U.S. targets ransomware with readiness self-assessment module in CSET tool

July 02, 2021
CSET tool

In its ongoing efforts to counter cybersecurity incidents, the Cybersecurity and Infrastructure Security Agency (CISA) announced this week a new module called the Ransomware Readiness Assessment (RRA) within its CSET tool. The RRA package allows for self-assessment and is based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident.

The CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. It helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner. 

Cyber Security Evaluation Tool (CSET) is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. Applicable to both IT and industrial control system (ICS) networks, CSET enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The CSET tool also guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and IT network security practices against the ransomware threat and provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form. The information gained from assessments also provides stakeholders with the understanding and context necessary to build effective defense-in-depth processes for enhancing cybersecurity.

A key element of CISA’s risk management mission is conducting security assessments in partnership with ICS stakeholders, including critical infrastructure owners and operators, ICS vendors, integrators, sector-specific agencies, other federal departments and agencies, SLTT (state, local, tribal and territorial) governments, and international partners.

CISA works with these and other partners to assess various aspects of critical infrastructure, such as cybersecurity controls, control system architectures, and adherence to best practices supporting the resiliency, availability, and integrity of critical systems), and provides options for consideration to mitigate and manage risk.

CISA assessment products improve situational awareness and provide insight, data, and identification of control systems threats and vulnerabilities. Core assessment products and services include self-assessments using the CSET tool, onsite field assessments, network design architecture reviews, and network traffic analysis and verification. 

The U.S. security agency recommends that organizations take advantage of the RRA module, which can be accessed via its GitHub page.

The ransomware module comes in the same week as the CISA initiated a systematized registry that documents bad cybersecurity practices that are exceptionally risky for any organization, and more dangerous for those supporting designated critical infrastructure or national critical functions. 

The U.S. agency also released in June guidelines for critical infrastructure owners and operators to review their OT assets and control systems, following ransomware and other cybersecurity attacks that have affected industries across sectors, disrupting operations at industrial units and within the critical infrastructure segments.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base