US Cybersecurity and Infrastructure Security Agency launches ransomware assessment tool

The Cybersecurity and Infrastructure Security Agency (CISA), the United States’ counterpart of Britain’s National Cyber Security Centre (NCSC), has added a ransomware readiness assessment (RRA) module to its Cyber Security Evaluation Tool (CSET) package, offering defenders a desktop tool to help them evaluate their preparedness for ransomware attacks.

The RRA is a self-assessment tool “based on a tiered set of practices” to help defenders better assess how appropriately they are equipped to defend against and recover from a ransomware incident. The tool is tailored to various levels of readiness to make it useful to organisations with differing levels of security maturity.

Among other things, it helps defenders evaluate their posture with respect to ransomware against recognised standards and best practice in a “systematic, disciplined and repeatable” manner, guides asset owners and operators through the process of evaluation operational and information technology network security practice, and provides an analysis dashboard with graphs and tables to show the results.

Applicable to both IT and industrial control system (ICS) networks, the wider CSET package lets US-based users run a “comprehensive evaluation” of their cyber posture using widely recognised government industry standards and recommendations.

CISA said it was strongly encouraging all organisations to take advantage of the RRA, which is accessible via its GitHub page.

Obrela Security Industries’ managed security services (MSS) director, George Papamargaritis, commented: “Only those who prepare for ransomware infections, and have a well-rehearsed security strategy for how to handle them when they happen, come out strongest. When companies don’t prepare, they fail and ransomware causes catastrophic damage.

“This new tool from CISA is a great offering to help organisations understand how equipped they are to deal with ransomware. However, carrying out the audit is just the first step. Putting the intelligence into action and building it into an organisation’s security strategy is the most important, but also challenging, issue, particularly across critical infrastructure where legacy machines are commonplace but very difficult to update.”

Lewis Jones, threat intelligence analyst at Talion, said it was a positive step by the CISA and urged the UK government to consider a similar offering.

“We are in the middle of a cyber wild west where criminal gangs are getting richer and richer, and no organisation is safe because of a lack of formal guidance or regulations on how to handle ransomware,” he said. “If the government doesn’t intervene and provide this soon, things are going to get worse and potentially even out of control.”