Cybersecurity Brief - Template

The Office of Infrastructure Protection
National Protection and Programs Directorate
Department of Homeland Security
Cybersecurity Brief
[Date of presentation]
National Cyber Security Division Mission
 The Department of Homeland
Security (DHS) is responsible for
safeguarding our Nation’s critical
infrastructure from physical and
cyber threats that can affect our
national security, public safety,
and economic prosperity.
 The National Cyber Security
Division (NCSD) leads DHS
efforts to secure cyberspace and
our Nation’s cyber assets and
National Cyber Security Division Tools
 NCSD provides two tools to assess cybersecurity:
– The Cyber Security Evaluation Tool (CSET)
– The Cyber Resilience Review (CRR)
 These assessments are intended for all 18 critical infrastructure sectors,
and for use within State, local, tribal, and territorial governments.
Cyber Security Evaluation Tool
 CSET provides users with a systematic and repeatable approach for
assessing the cybersecurity posture of their industrial control system (ICS)
 CSET is a desktop software tool that enables users to assess their network
and ICS security practices against recognized industry and government
standards, guidelines, and practices.
CSET: A Four Step Process
 STEP 1 – Select Standards: Users are given the
option to select industry and governmentrecognized cybersecurity standards.
 STEP 2 – Determine Security Level: The basis for a
Security Assurance Level is the user’s answers to a
series of questions relating to the potential worstcase consequences of a successful cyber attack.
 STEP 3 – Create Diagram: CSET contains a
graphical user interface that allows users to create a
network architecture diagram using components
deemed critical to the organizations cybersecurity
boundary and posture.
 STEP 4 – Answer Questions: The assessment team
then selects the best answer to each question
generated by CSET specifically for the user. CSET
then generates a list of recognized good practices
and/or security gaps based on the answers.
CSET Final Product
 CSET generates both interactive (on-screen) and printed reports.
 The reports provide a summary of security level gaps or areas that did not
meet the recommendations of the selected standards. The assessment
team may use this information to plan and prioritize mitigation strategies.
Onsite CSET Assessment
 NCSD provides “over-the-shoulder” training guidance to assist asset
owners in using CSET for the first time.
 An example agenda for an onsite assessment from NCSD would include
the following activities:
ICS Awareness Briefing
IT and Enterprise Network Evaluation
ICS Evaluation
Review/Closeout Briefing
CSET Information
 To learn more about the CSET or to request a software copy via CD,
contact [email protected]
 For general program questions contact [email protected] or visit
Cyber Resilience Review
 The CRR serves as a repeatable cyber review of an organization’s ability to
manage cybersecurity.
 The CRR is a facilitated, interview-based assessment conducted in one
day with onsite participants.
 The CRR is not an audit, and does not compel an organization to take
corrective action.
 The CRR is designed to assist in constructive dialogue and cooperative
improvement by building a common perspective on resilience.
CRR Key Goals and Process
 The key goal of the CRR is to ensure that core process-based capabilities
exist and are measureable and meaningful predictors for an organization’s
ability to manage cyber risk to critical infrastructure.
 This is achieved through eliciting responses from the organization’s IT
security, IT operations, and business continuity personnel to assess how
the organization performs in key categories during normal operations and
during times of operational stress.
Performance Categories
 Each CRR participant is
assessed for specific abilities
in defining, managing, and
performing cybersecurity
strategies, operational
practices, and individual
behaviors in each of the
categories to the left:
1. Asset Management
2. Information and Technology
3. Vulnerability Management
4. Incident Management
5. Service Continuity
6. Environmental Control
7. External Dependency
8. Situational Awareness
CRR Results
 The CRR report, delivered in 30-45 days post-evaluation, contains results
to provide the organization with:
– Capabilities and capacities in the form of strengths and weaknesses.
– Options for consideration, which identify opportunities for improvement in
cybersecurity management and for reduction in operational risks related to
 Please address inquiries regarding the CRR to: [email protected] (Cyber
Security Evaluations).
For more information visit:

similar documents