With cyber threats targeting more critical infrastructure entities, the TSA is now requiring Cybersecurity Architecture Design Reviews to evaluate the capabilities and associated security policies and controls exhibited by the existing O&G OT security technology footprint.
Our OT Security experts can perform a Cybersecurity Architecture Design Review to provide you with a comprehensive assessment focusing on relevant key strategies and aligning to industry OT/ICS best practices and frameworks such as: National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST 800-53, NIST 800-82, CPwE Design and Implementation Guide, and the SANS Five ICS Cybersecurity Critical Controls. With our CADR services, we can help your organization:
Our CADR methodology and process leverages the framework of your choice to evaluate your O&G OT architecture, configurations, policies, security controls, and interconnectivity to internal/external systems. When considering a cybersecurity maturity benchmark, we recommend using a Crawl, Walk, Run approach.
Our process begins with the acquisition of architecture drawings and diagrams, asset inventory lists/spreadsheets, network configurations (VLANs, routing, ACLs), firewall configurations, remote access, site-to-site VPNs, OT security policies and procedures, and OT monitoring tool data/configuration.
From there we will conduct network and system design documentation reviews, interview key staff members across IT, OT, Security and Leadership to gain valuable insights into your organization’s operational and security practices, align our findings with best practices to determine potential areas for improvement, and ultimately provide the CADR Report and briefing, which highlights areas of strength and opportunities to enhance your OT security program.
Every CADR that we provide includes a dedicated deliverable, which describes the work performed, details the risk rating (high, medium, and low) of the identified findings, provides remediation steps, and includes any additional recommendations to improve security. You should expect to receive the following:
Certifications