Based on the current CSET Tool Assessment frameworks and standards for Process Control and relevant NIST Special Publications, and my 27 + years in IT/OT with ExxonMobil and academic work with the Idaho National Labs, this presentation will provide Critical Infrastructure faculty, students, and industry an understanding of the use of the Cyber Security Evaluation Tool (CSET®), a free stand-alone desktop application that systematically guides asset owners and operators through evaluating operational and information technology. The Department of Homeland (DHS) Cybersecurity and Infrastructure Security Agency (CISA) offer the CSET® download at no cost. The presentation will expand on the classroom use of a CSET by implementing an AI simulated CSET risk assessment to provide more real-world experience to students. The CSET embedded frameworks and standards will be demonstrated, and participants will learn how to apply the frameworks and standards to new and existing SCADA applications and implementations, including in an IT/OT environment.
Key learner objectives and outcomes for this presentation:
- Provide an overview of what SCADA Systems are, the risks associated with different types of SCADA Systems including the sophisticated threats targeting industrial environments (e.g., Stuxnet, Flame)
- Understand an overview and introduction of the CSET Tool and various frameworks and standards for SCADA and IT/OT Risk Assessments provided within the CSET Tool.
- Demonstrate how to apply risk assessment frameworks and standards to enable the governance and implementation of SCADA and IT/OT cybersecurity plans with a focus on the CSET Tool using AI.
- Examine actionable take-aways for performing a CSET Tool Risk Assessment for SCADA systems in an IT/OT environment.
