Updated DHS Cyber Security Tool

Friday, February 24, 2012 @ 02:02 PM gHale

Critical infrastructures are dependent on information technology systems and computer networks for essential operations.

Reliability and resiliency of the systems that interconnect these infrastructures is vital. The National Cyber Security Division (NCSD) collaborates across public, private, and international communities to advance this goal by developing and implementing coordinated security measures to protect against cyber threats.

Threat Alert Reaches New High
DoD Readies for Stuxnet-like Attack
Cyber Report: Bad Guys Winning
Security Best Practices will Cut Downtime
DHS Unveils Cyber Strategy Plan

Cyber Security Evaluation Tool (CSET) version 4.0.1, a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets, is now ready to help users start protecting their systems.

Developed under the direction of the DHS’ NCSD by cyber security experts and with assistance from the National Institute of Standards and Technology (NIST), this tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes high-level and detailed questions related to all industrial control and IT systems.

CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards.

The output from CSET ends up as a prioritized list of recommendations for improving the cyber security posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cyber security standards, guidelines, and practices. Each recommendation links to a set of actions that can apply to enhance cyber security controls.

Designed for easy installation and use on a stand-alone laptop or workstation, CSET incorporates a variety of available standards from organizations such as NIST, North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to answer.

The answers to these questions will the compare against a selected security assurance level, and a detailed report will show areas for potential improvement. CSET provides a means to perform a self-assessment of the security posture of your control system environment.

Some of the benefits include:
• CSET contributes to an organization’s risk management and decision-making process
• Raises awareness and facilitates discussion on cyber security within the organization
• Highlights vulnerabilities in the organization’s systems and provides recommendations on ways to address the vulnerability
• Identifies areas of strength and best practices followed in the organization
• Provides a method to systematically compare and monitor improvement in the cyber systems
• Provides a common industry-wide tool for assessing cyber systems

CSET is available for download right here.

Leave a Reply

You must be logged in to post a comment.