New Cyber Security Evaluation Tool Released by Us Homeland Security for Organisations to Self-Test Their Security Systems
Wednesday, July 14, 2021
DHS Cyber Security Evaluation Tool
Print Mail Download i

The United States Department of Homeland Security has developed the Cyber Security Evaluation Tool (CSET) which provides a systematic (and repeatable) process that critical infrastructure asset owners can use to assess and improve their cyber security management systems. This tool has a particular focus on the security of industrial control systems and information networks.

The CSET tool is available on Github and is available for download on a permissive MIT license (a type of open source licence) and can be run on Windows with a standalone installer.

The tool comes with a basic, intermediate and advanced set of questions, the intent being that organisations will use the toolkit to first focus on the basics and then to implement best practice in the intermediate to advanced sections in future.

How it works:

  • a team of control system engineers, cyber security staff and managers are put together to conduct the assessment and use the tool;

  • the relevant Security Assurance Level (SAL) is determined via a range of questions. The higher the SAL, the higher the level of security required by an organisation;

  • a list of questions are then generated depending on the SAL;

  • a form selecting the cyber security standards that may be applicable to the organisation then needs to then be filled in. These standards are grouped by industry and purpose like standard relevant to supply chains, transportation or nuclear security;

  • the team is then required to graphically capture the organisation’s IT network via a diagram drawing tool;

  • CSET then generates a list of questions appropriate for the organisation based on the information provided; and

  • once the team responds to all these questions, CSET produces an analysis dashboard which includes a range of reports that highlight any areas of weakness in an organisation’s security systems.

This tool is a really interesting example of the increasingly common assistance that government’s around the world are providing to organisations in this area (particularly those that are considered ‘critical infrastructure’ related). Critical infrastructure is a key target of hackers and it is sensible that governments are taking this approach.

Jacqueline Patishman contributed to this article. 

Copyright 2024 K & L Gates

Current Legal Analysis

More from K&L Gates

Kicked Out of the Club: NFA Orders Commodity Pool Operator Not to Reapply for NFA Membership
by: Matthew J. Rogers , Benjamin C. Skillin
SEC Risk Alert Offers Initial Observations on Compliance
by: Michael S. Caccese , Lance C. Dial
Guidance on Use of Artificial Intelligence-Based Tools in Practice Before the United States Patent and Trademark Office
by: Matthew S. Dicke
Global Survey of ESG Regulations for Asset Managers
by: Lance C. Dial , Keri E. Riemer
The UKIPO Updates its Policies to Tackle Ineffective Addresses for Service
by: Simon Casinader
Doing Business in Australia: A Guidebook for Investing in Australia
by: Betsy-Ann Howe
ESG-Australia: Consultation Material for the 5th Edition of the Corporate Governance Council Principles and Recommendations Released
by: Andrew Gaffney , Clive Cachia
Marketing Rule Enforcement Remains Priority: SEC Charges Five Advisers for Marketing Rule Violations
by: Lance C. Dial , Pablo J. Man
Supreme Court Limits Shareholder Suits Based on "Pure Omissions" in Corporate Disclosures
by: Nicole C. Mueller , Jonathan R. Vaitl
The SEC Limits the Internet Adviser Exemption
by: Jennifer Klass , Matthew J. Rogers

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins