DHS Releases Cyber Security Evaluation Tool (CSET)

Tuesday, September 27, 2011



The Department of Homeland Security's National Cyber Security Division (NCSD) has released a Software tool set to better enable organizations to examine risks to industrial control systems (ICS) and implement more secure protocols for protecting the nation's critical infrastructure.

ICS security concerns include the protection of networks critical to industries across numerous sectors central to national security, including supervisory control and data acquisition (SCADA) systems which provide operations control for infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants.

CSET is a desktop software package that will allow network administrators to assess currently deployed security strategies against a set of industry best practices and government standards to increase consistency on an organization's cybersecurity posture.

CSET was developed with the aid of the National Institute of Standards and Technology (NIST), the federal physical science research laboratory division of the U.S Department of Commerce.

The tool is available for download, and the program also offers training and support at no cost to organizations engaged in administering networks that control facilities identified as being crucial to both the nation's economy and national security.

U.S. CERT has provided the following information on the CSET software toolkit:


Critical infrastructures are dependent on information technology systems and computer networks for essential operations. Particular emphasis is placed on the reliability and resiliency of the systems that comprise and interconnect these infrastructures. NCSD collaborates with partners from across public, private, and international communities to advance this goal by developing and implementing coordinated security measures to protect against cyber threats.

The Cyber Security Evaluation Tool (CSET) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS National Cyber Security Division (NCSD) by cybersecurity experts and with assistance from the National Institute of Standards and Technology. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.

CSET Assessment Fact Sheetpdf


CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

CSET has been designed for easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to be answered. The answers to these questions will be compared against a selected security assurance level, and a detailed report will be generated to show areas for potential improvement. CSET provides an excellent means to perform a self-assessment of the security posture of your control system environment.

Key Benefits

  • CSET contributes to an organization's risk management and decision-making process
  • Raises awareness and facilitates discussion on cybersecurity within the organization
  • Highlights vulnerabilities in the organization's systems and provides recommendations on ways to address the vulnerability
  • Identifies areas of strength and best practices being followed in the organization
  • Provides a method to systematically compare and monitor improvement in the cyber systems
  • Provides a common industry-wide tool for assessing cyber systems

Download CSET here

CSET@dhs.gov. Please insert “CSET” in the title block of the email and include your name, organization name, complete street address (no P.O. boxes), and phone number in your email request

Alternatively, the Control Systems Security Program also offers onsite training and guidance to asset owners in using CSET during onsite assessments.  These assessments are conducted at no cost to the asset owners. To assist an organization in planning and organizing for an assessment using the CSET, the following actions and items are recommended:

  • Identify the assessment team members and schedule a date.
  • Become familiar with information about the organization’s system and network by reviewing polices and procedures, network topology diagrams, inventory lists of critical assets and components, risk assessments, IT and ICS network policies/practices, and organizational roles and responsibilities.
  • Select a meeting location to accommodate the assessment team during the question and answer portion of the assessment.
  • Work with CSSP for onsite or subject matter support.

To request onsite assistance, please send mail to cset@dhs.gov.

Source:  http://www.us-cert.gov/control_systems/satool.html

Possibly Related Articles:
SCADA NIST Tools Headlines Infrastructure DHS CERT Guidelines National Security CSET Industrial Control Systems
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.