December 9, 2022

Volume XII, Number 343


New Cyber Security Evaluation Tool Released by US Homeland Security for Organisations to Self-Test Their Security Systems

The United States Department of Homeland Security has developed the Cyber Security Evaluation Tool (CSET) which provides a systematic (and repeatable) process that critical infrastructure asset owners can use to assess and improve their cyber security management systems. This tool has a particular focus on the security of industrial control systems and information networks.

The CSET tool is available on GitHub for download under a permissive MIT license (a type of open source licence) and can be run on Windows with a standalone installer.

The tool comes with a basic, intermediate and advanced set of questions, the intent being that organisations will use the toolkit to first focus on the basics and then to implement best practice in the intermediate to advanced sections in future.

How it works:

  • a team of control system engineers, cyber security staff and managers is put together to conduct the assessment and use the tool;

  • the relevant Security Assurance Level (SAL) is determined via a range of questions. The higher the SAL, the higher the level of security required by an organisation;

  • a list of questions is then generated depending on the SAL;

  • a form selecting the cyber security standards that may be applicable to the organisation then needs to be filled in. These standards are grouped by industry and purpose, such as standards relevant to supply chains, transportation or nuclear security;

  • the team is then required to graphically capture the organisation’s IT network via a diagram drawing tool;

  • CSET then generates a list of questions appropriate for the organisation based on the information provided; and

  • once the team responds to all these questions, CSET produces an analysis dashboard which includes a range of reports that highlight any areas of weakness in an organisation’s security systems.

This tool is a really interesting example of the increasingly common assistance that governments around the world are providing to organisations in this area (particularly those that are considered ‘critical infrastructure’ related). Critical infrastructure is a key target of hackers and it is sensible that governments are taking this approach.

Jacqueline Patishman contributed to this article. 

Copyright 2022 K & L Gates

National Law Review, Volume XI, Number 195

About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurement issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented into their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Warwick Andersen Technology Lawyer KL Gates

Mr. Andersen is a senior corporate lawyer with a focus on commercial, technology and sourcing projects. He has advised on large scale outsourcing projects, technology agreements for both vendors and customers, corporate support, privacy and telecommunications regulatory work. He has acted for government departments, large listed companies, telecommunications companies and technology suppliers.