A small office of the Homeland Security Department has released a draft cybersecurity checklist intended to help enterprises focus on the real-world consequences of security breaches. The U.S. Cyber Consequences Unit was created by DHS to provide analysis of economic and strategic consequences of cyberattacks on critical infrastructure and to evaluate the cost-effectiveness of countermeasures. As part of this work, director and chief economist Scott Borg and research director John Baumgarner began on-site visits to evaluate systems in critical industry sectors. The new USCCU list shifts the focus from perimeter security to monitoring and maintaining internal systems. The problem with perimeter security is that there is always some way to circumvent it, Borg said. The checklist contains 478 questions grouped into six categories: hardware, software, networks, automation, humans and suppliers.