b'0 1 1 0 0 1 1 0 0 1 0 0 1 1 0 0 0 0 1 1 0 0 0 0 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0 1 1 0 1 0 0 0 0 1 1 0 1 0 0 1 1 0 00 1 0 0 1 1 0 0 0 1 0 1 1 0 1 1 0 0 0 1 1 0 1 0 1 1 0 0 1 0 1 1 0 0 1 0 0 1 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0 1 1 0 1 0 01 0 1 0 1 0 0 0 1 0 1 1 0 1 0 1 1 0 1 0 0 0 0 1 1 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 0 1 0 0 1 1 0 1 1 0 00 0 0 1 0 0 1 1 0 1 1 0 1 0 0 0 1 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 1 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 1 0 1 0 0 0 0 1 1 0 01 0 1 1 0 0 0 1 0 1 1 0 1 1 0 0 0 0 1 0 1 I N T E L L I G E N C E 1 1 0 1 0 1 1 0 0 0 1 0 1 1 0 M A C H I N E 0 1 0 11 0 1 0 1 0 0 0 1 L 0 1 0 1 1 0 1 0 0 0 1 1 0 0 1 1 0 0 D E F E N S E 0 1 1 1 1 0 1 0 0 0 L E A R N I N G 1 1 0 1 00 1 1 0 0 1 1 0 0 0 0 1 1 0 0 1 R E S I L I E N C E 1 0 1 0 0 0 0 1 1 1 0 0 0 1 1 0 0 1 1 0 1 0 1 1 0 1 0 0 0 1 1 0 0 10 1 1 0 0 1 C Y B E R S E C U R I T Y 1 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0 1 S A F E T Y 1 1 0 1 0 0 1 1 0 0 1 1 0 1 00 1 1 0 0 1 1 0 0 1 0 6 0 CYBERSECURITY0 0 1 1 0 1 0 0 0 0 1 1 0 1 0 0 1 1 0 0 0 00 1 1 0 0 0 1 1 0 0 0 0 1 0 0 1 1 0 1 0 0 0 0 1 10 1 0 0 1 1 0 0 0 1 0 1 1 0 1 1 0 0 0 1 1 0 1 0 1 1 0 0 1 0 1 1 0 0 1 0 0 1 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0 1 1 0 11 0 1 0 1 0 0 0 1 0 1 1 0 1 0 1 ARCHITECTURE RISK0 0 1 0 1 1 0 0 1 0 0 1 1 0 1 1 0 01 0 1 0 0 0 0 1 1 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 10 0 0 1 0 0 1 1 0 1 1 0 1 0 0 0 1 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 1 1 0 0 0 1 1 0 0 1 1 0 1 0 0 1 1 0 1 0 0 0 0 1 1 0 0EVALUATION AND MITIGATIONINL conducts cyber risk evaluations to understand system and network vulnerabilities and determine risk levels through on-site analysis, recurring system scanning, and vulnerability analysis. INL develops recommendations by analyzing exploitable vulnerabilities to help organizations apply the appropriate mitigation measures. Architecture design review involves expert-levelCritical infrastructure cyber assessments and risk engagement with critical infrastructure cybersecurityanalysis analyzes critical infrastructure assets to identify engineers (CICSEs) and subject matter experts usingsystem threats and vulnerabilities. INL assessments federal and industry standards, guidelines and bestof cyber maturity, OT and IT, regional resiliency, and practices for analysis. This engagement is not intendedmacro- and microsystems help asset owners mitigate to be an audit but rather an in-depth cybersecurityrisk and formulate policy and research priorities.design review of an asset owners OT architectures that directly supports critical and enabling functions. Assessment methodology development enhances tools and methods to improve assessments of system Network architecture validation and verification evaluatesand network vulnerabilities. The tools and methods are against industry best practices like CISAs Recommendeddeveloped using research, known vulnerabilities and Secure Architecture (based on the Purdue model), NIST 800-82cybersecurity analysis to support this analysis.and NIST 800-53. Asset owners subject matter experts and CICSEs identify weaknesses that affect critical functions. CICSEsCybersecurity Risk Management Framework (RMF) validate current architecture against captured network trafficdevelopment uses INL programs, policy development and identify possible unverified trust using discussion-basedtools, and industry best practices to help asset owners interviews and open-source tools (INL-developed and other). build and manage a strong cybersecurity foundation. Cyber Security Evaluation Tool (CSET) is a desktop R E L A T E DCSET software tool that guides asset owners and I N L T O O L S operators through a step-by-step process to evaluate ICS and IT network security practices. For more info, contact: [email protected] Capabilities Catalog'