Achievement unlocked : Completing the Industrial Control Systems Evaluation Training (401)

Introduction

I am thrilled to share my recent achievement : successfully completing the Industrial Control Systems Evaluation (401) training offered by the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security (DHS). This comprehensive training equips professionals with the knowledge and skills necessary to evaluate and secure critical infrastructure systems.

Training Overview

The Industrial Control Systems Evaluation (401) training comprises 13 modules, each addressing essential aspects of industrial control systems (ICS) security :

• Module 1 — ICS Evaluation Components : Understand the key components involved in ICS evaluation.
• Module 2 — Identify Assets : Learn how to identify and assess critical assets within an ICS environment.
• Module 3 — ICS Connectivity : Explore the intricacies of ICS network connectivity.
• Module 4 — Wireless in ICS Environments : Delve into wireless security considerations.
• Module 5 — Network Monitoring : Discover effective network monitoring practices.
• Module 6 — OSINT and OPSEC : Understand open-source intelligence and operational security.
• Module 7 — Adversarial Risk : Evaluate risk from an adversarial perspective.
• Module 8 — ICS Dependencies : Explore dependencies within ICS environments.
• Module 9 — Supply Risk : Assess supply chain risk.
• Module 10 — Risk Management : Develop risk management strategies.
• Cybersecurity Evaluation Tool (CSET®) : Get introduced to the powerful CSET tool.
• CSET® Report & Final Exercise : Apply CSET to evaluate security posture.

The Cyber Security Evaluation Tool (CSET®)

During the training, I had the privilege of using the Cyber Security Evaluation Tool (CSET®). Developed under the guidance of CISA by cybersecurity experts, CSET® is a desktop software tool designed to :

• Provide a systematic and repeatable approach for assessing the security posture of cyber systems and networks.
• Assist organizations in protecting their key national cyber assets.
• Address both high-level and detailed questions related to industrial control and IT systems.

Why CSET® Matters

• Comprehensive Assessment : CSET® covers a wide range of security aspects, ensuring a thorough evaluation.
• Repeatable Process : The tool guides users step-by-step, making assessments consistent and reliable.
• Recognized Standards : CSET® aligns with recognized government and industry standards.

Getting Started with CSET®

• Visit the CSET® GitHub repository to download the latest version.
• Explore the documentation to learn how to use CSET effectively.

Conclusion

As we continue to safeguard critical infrastructure, tools like CSET® play a pivotal role. I am excited to apply the knowledge gained during this training to enhance cybersecurity practices in the field.

Remember, securing our cyber systems is a collective effort. Let’s keep learning, evaluating, and fortifying our defenses!

Source :

• [CSET Github](https://github.com/cisagov/cset)
• [Cyber Security Evaluation Tool : Performing a Self Assessment](https://icscsi.org/library/Documents/Assessment_Tools/CSET%20Assessment%20Tool%20-%20Fact%20Sheet.pdf)
• [NCCIC ICS Cyber Security Evaluation Tool](https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_CSET_S508C.pdf)
• [CSET Fact Sheet for Public Safety](https://www.cisa.gov/sites/default/files/2024-03/23_0531_CISA_CSET_Factsheet_Final_508%20%281%29.pdf)
• [Cybersecurity Evaluation Tool](https://www.cisa.gov/sites/default/files/publications/2020-seminars-cset-508.pdf)
• [CISA Virtual Learning Portal](https://ics-training.inl.gov/learn)