US Cybersecurity and Infrastructure Security Agency launches ransomware assessment tool

by Joseph K. Clark

The Cybersecurity and Infrastructure Security Agency (CISA), the United States counterpart of Britain’s National Cyber Security Centre (NCSC), has added a ransomware readiness assessment (RRA) module to its Cyber Security Evaluation Tool (CSET) package, offering defenders a desktop tool to help them evaluate their preparedness for ransomware attacks.

The RRA is a self-assessment tool “based on a tiered set of practices” to help defenders better assess how appropriately they are equipped to defend against and recover from a ransomware incident. The tool is tailored to various readiness levels to make it helpful to organizations with differing security maturity levels.
Among other things, it helps defenders evaluate their posture concerning ransomware against recognized standards and best practice in a “systematic, disciplined and repeatable” manner, guides asset owners and operators through the process of evaluating operational and information technology network security practice, and provides an analysis dashboard with graphs and tables to show the results.

Applicable to both IT and industrial control system (ICS) networks, the broader CSET package lets US-based users run a “comprehensive evaluation” of their cyber posture against widely recognized government and industry standards and recommendations.

CISA said it strongly encouraged all organizations to take advantage of the RRA, accessible via its GitHub page. Obrela Security Industries’ managed security services (MSS) director, George Papamargaritis, commented: “Only those who prepare for ransomware infections and have a well-rehearsed security strategy for how to handle them when they happen come out most robust. When companies don’t qualify, they fail, and ransomware causes catastrophic damage.

“This new tool from CISA is a great offering to help organizations understand how equipped they are to deal with ransomware. However, carrying out the audit is just the first step. Putting the intelligence into action and building it into an organization’s security strategy is the most important, but also challenging, issue, particularly across critical infrastructure where legacy machines are commonplace but very difficult to update.”

Lewis Jones, a threat intelligence analyst at Talion, said it was a positive step by CISA and urged the UK government to consider a similar offering.

“We are in the middle of a cyber wild west where criminal gangs are getting richer and richer, and no organization is safe because of a lack of formal guidance or regulations on how to handle ransomware,” he said. “If the government doesn’t intervene and provide this soon, things are going to get worse and potentially even out of control.”
