The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has just released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool intended to guide asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations. Some of the upgrades to the latest version of CSET include: a web-based diagram editor, a new analysis for network diagram questions, and incorporation of the International Society of Automation (ISA) / International Electrotechnical Commission (IEC) 62443 standards. As with other DHS cybersecurity assessments, it is free to use, only requiring an investments of an organization’s time. Read more and access CSET 9.2 at CISA.

CSET is one of the tools that can be used by water utilities when evaluating their cybersecurity as part of the Risk and Resilience Assessment required by the America’s Water Infrastructure Act (AWIA) of 2018. It was discussed in WaterISAC’s “Conducting Cyber Risk Assessments under AWIA” webinar series, particularly during the lead-off “Introduction to the Process” event, as well as during a WaterISAC “DHS Cybersecurity Advisor Program” webinar in July 2018, through which many types of free cybersecurity assessments are offered.