Owner security

CISA publishes a list of free security tools for protection • The Register

The US Cybersecurity and Infrastructure Agency (CISA) has released a web catalog of free cybersecurity resources in the hope that those who oversee critical infrastructure can use the tools to better secure their systems.

“CISA is very proud to announce the launch of a new catalog of free resources available to critical infrastructure owners and operators who would benefit from tools to strengthen their security and resilience,” said CISA Director , Jen Easterly, in a statement.

“Many organizations, public and private, are target-rich and resource-poor. The resources on this list will help these organizations improve their security posture, which is especially critical in today’s heightened threat environment.”

The “Free Cybersecurity Services and Tools” webpage is intended to serve as a starting point for improving organizational security. Easterly said the products and services listed will expand over time as additional tools from other partners are added.

The register asked CISA to clarify the selection criteria for listing. A CISA spokesperson responded by pointing to the agency’s press release. The register replied to say that didn’t answer the question. We’ll let you know if any clarifications are forthcoming.

A certain lack of review

The catalog’s webpage addresses the issue: “CISA applies neutral principles and criteria for adding items and retains sole and irrevisable discretion over determining which items are included. CISA does not attest to the suitability or effectiveness of these services and tools for a particular use case. . CISA does not endorse any commercial product or service.”

The fact that CISA claims “irrevisable discretion” on its list of tools suggests that the agency is not keen on explaining the presence or absence of a particular app or service. At some point, CISA intends to establish a process by which organizations can submit tools for inclusion in the catalog.

CISA says its list is curated to confirm with its recent notice [PDF] on protection against cyber threats. The Cyber ​​Defense Agency’s Mitigation Handbook focuses on: reducing the risk of incidents by avoiding malicious sites and looking for weaknesses; quickly detect and respond to malicious activity; respond effectively to confirmed incidents; and maximizing resiliency through backups and threat modeling.

And for each of these purposes, there is a section in the CISA tools catalog. In the “Reducing the Likelihood of a Harmful Cyber ​​Incident” section, for example, you can currently find 72 lists that point to CISA security testing resources, open-source tools like PGP, ad-blocking software, set of safe browsing tools from Google, etc. And each of the other three sections offers a similar list of resources focused on specific strategic goals.

CISA’s protective tool shed was built atop the Biden administration’s efforts to bolster US cybersecurity following severe cyberattacks on SolarWinds, Microsoft Exchange and Colonial Pipeline, among others, last year. In his Executive Order to Improve National Cybersecurity last May, President Biden urged private sector entities to “take ambitious steps to increase and align cybersecurity investments with the goal of minimizing future incidents.”

With this catalog of free tools, little investment is required. ®