CISA plans to launch ReadySetCyber tool in early 2024 to integrate cybersecurity into business decisions

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) provided on Tuesday a sneak peek into the launch of a new way for organizations to understand their cyber risk and receive targeted, straightforward guidance built around the agency’s Cybersecurity Performance Goals (CPGs). Set to debut in early 2024, the new tool called ReadySetCyber will simplify the process of incorporating cybersecurity into an organization’s business decisions, regardless of the level of expertise or the number of personnel on staff. 

“Instead of making cybersecurity a daunting challenge, with the ever-present question of where to invest next, prioritization decisions become a guided, step-by-step process on a user-friendly interface accessible to organizations of all sizes,” Sandy Radesky, associate director for vulnerability management wrote Tuesday in a CISA blog post. “By providing tailored resources and insights in a streamlined format, ReadySetCyber will empower users to align scarce resources with the most impactful cybersecurity measures for their organization.”

She added that CISA’s approach to ReadySetCyber “begins with baselining your organization’s current cybersecurity maturity, based on your input to a dynamic set of questions, then providing actionable strategies, tools, and resources to mitigate risks effectively, along with a direct connection to your regional CISA cybersecurity advisor.” 

“We plan to launch ReadySetCyber in a beta capacity, while iteratively implementing improvements over time, using your valuable feedback as our guide,” according to Radesky. “The questions for ReadySetCyber will be submitted for public comment before the end of the year, setting it up for public use in early 2024. This approach will help ensure we are not providing a one-size-fits-all solution, but rather tailoring our application to suit your unique needs.”

ReadySetCyber is about leveling the playing field and enabling partners to make measurably effective risk-reduction investments. “Our aim is to simplify and streamline access to the right information, ensuring that every organization can make informed decisions to enhance their digital security. With ReadySetCyber, users will be able to provide feedback on their experience, enabling us in return to refine and enhance our application in a collaborative way. We are committed to listening to input and allowing it to shape ReadySetCyber into a capability that genuinely meets the needs of those who use it,” the post added.

Radesky said that the information CISA received from its request for information that closed on Oct. 10 “will greatly help us refine and establish this new capability. We are excited to bring you an application that not only offers a tailored bundle of actions and tools for your organization but a capability that will evolve based on your needs and feedback.”

CISA’s ReadySetCyber Initiative said it was collecting information to provide tailored technical assistance, services, and resources to critical infrastructure organizations and state, local, tribal, and territorial (SLTT) governments based on the characteristics of their respective cybersecurity programs. The agency sought to collect this information from the country’s critical infrastructure and SLTT organizations on a voluntary and fully electronic basis so that each organization can be best supported in receiving tailored cybersecurity recommendations and services.

The overarching goal of CISA’s ReadySetCyber initiative is to help critical infrastructure and SLTT organizations access information and services that are tailored to their specific cybersecurity needs. 

Additionally, CISA expects the move to help increase the adoption of its CPGs as the default approach for assessing organizational progress and identifying cybersecurity gaps. It also seeks to enable enhanced collection of information about organizations’ cybersecurity posture and progress, enabling targeted engagement with sectors, regions, and individual organizations, and deliver improved allocation of capacity-constrained services to specific stakeholders.

Furthermore, the provision of a simplified approach to guiding stakeholders into enrollment for, scalable services and rapidly expanding uptake thereof; and furthering the development of relationships between critical infrastructure and SLTT organizations and CISA’s regional cybersecurity personnel.

Earlier this month, CISA announced a pilot program designed to deliver cybersecurity shared services voluntarily to critical infrastructure entities that are most in need of support. The agency has acted as a managed service provider (MSP) to the federal civilian government for years and observed significant risk reduction along with the benefits of cost-savings and standardization.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.