In the wake of headline-grabbing ransomware attacks on Colonial Pipeline and meat manufacturer JBS S.A. this spring, the government is making inroads to prevent future attacks through education.
One of those government entities, the US Cybersecurity and Infrastructure Security Agency (CISA) - part of the Department of Homeland Security - released a new tool this week designed to help organizations better understand how well they're equipped to defend against and recover from such attacks.
Our new CSET Ransomware Readiness Assessment module gives you the keys to lock down your networks and keep malicious cyber actors away. Download our ransomware self-assessment tool: https://t.co/HCcDAEMPYT #Ransomware #Cybersecurity pic.twitter.com/oATxi4eQDF
— Cybersecurity and Infrastructure Security Agency (@CISAgov) June 30, 2021
The tool, the Ransomware Readiness Assessment, or RRA, takes the form of a new module for CISA's Cyber Security Evaluation Tool (CSET).
For those unfamiliar, CSET is a tool, available on GitHub, that organizations can use to carry out assessments of their enterprise and industrial control cyber systems. The tool incorporates standards from other government agencies, including NIST, the North American Electric Reliability Corporation (NERC), the Transportation Security Administration (TSA), and the U.S. Department of Defense (DoD).
According to CISA, the latest release of CSET includes functionality - in the form of basic, intermediate, and advanced questions - for businesses to determine their cybersecurity posture as it pertains to ransomware.
“This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories,” CISA says on its GitHub page. Central to the tool is External Dependencies Management, or EDM, a concept drawn from NIST's Cybersecurity Framework.
To use the new tool, users will have to download and install CSET, log in, and select Maturity Model on the left-hand side of the application. After clicking Next, there should be four options: ACET, CMMC, EDM, and the one you're looking for, Ransomware Readiness Assessment.
The tool arrives the same week that a state-level entity, New York's Department of Financial Services, issued new guidance on mitigating ransomware attacks. If you've been following the trajectory of ransomware attacks over the years, none of the instructions may be new to you, but they're still worth heeding.
In its guidance, NYDFS, like the FBI to an extent, is encouraging organizations not to pay ransoms and to keep robust backups in place so that systems can be restored following an attack.
The rest of the department’s instructions are as follows:
- Train Employees in Cybersecurity Awareness and Anti-Phishing;
- Implement a Vulnerability and Patch Management Program;
- Use Multi-Factor Authentication and Strong Passwords;
- Employ Privileged Access Management to Safeguard Credentials for Privileged Accounts;
- Use Monitoring and Response to Detect and Contain Intruders;
- Segregate and Test Backups to Ensure that Critical Systems Can Be Restored in the Face of an Attack; and
- Have a Ransomware Specific Incident Response Plan that is Tested by Senior Leadership.