The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies.
While the former has received many updates through the years (this newest version is v8.0), the whitepaper is a “modernized” version of a document that was first released in 2009.
Both tools are offered for free, in the hope that they will be widely used.
Cyber Security Evaluation Tool
The Cyber Security Evaluation Tool is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate their industrial control system and information technology network security practices.
It does so by asking questions about system components, architectures, operational policies and procedures, and so on. The questions will depend on which government and industry cybersecurity standards the operators want their systems to adhere to.
“When the questionnaires are completed, CSET provides a dashboard of charts showing areas of strength and weakness, as well as a prioritized list of recommendations for increasing the site’s cybersecurity posture. CSET includes solutions, common practices, compensating actions, and component enhancements or additions,” ICS-CERT explains.
The team also offers onsite training and guidance to asset owners (in the US) who might encounter problems while using CSET. This help also comes at no cost. For instructions on how to download and install the tool, go here.
ICS-CERT works to reduce risks within and across all critical infrastructure sectors – chemical, emergency services, energy, critical manufacturing, healthcare, IT, transportation, and so on.
This newest report will be helpful for organizations in each of those sectors, and concentrates on defense-in-depth strategies and a holistic approach to security.
“The concept of Defense in Depth is not new — many organizations already employ many of the Defense-in-Depth measures discussed in this document within their information technology (IT) infrastructures; however, they do not necessarily apply it to their ICS operations,” the experts who penned the report noted.
“In the past, most organizations did not see a need to do so. Legacy ICSs used obscure protocols and were largely considered ‘hack proof’ because of their separation from IT and because of having physical protection measures in place. But with the convergence of IT and ICS architectures, recent high-profile intrusions have highlighted the potential risk to control systems.”
Another problem that the defense-in-depth approach can minimize is the distinct lack of ICS-specific security solutions.
The report includes an overview of the current state of ICS cybersecurity, ICS defense-in-depth strategies, an overview of possible attacks against critical infrastructures, and recommendations for securing ICS. The latter includes adopting a proactive security model, key security countermeasures, and a variety of available services and tools (CSET is among them).