CYBERSECURITY ARCHITECTURE DESIGN REVIEW (CADR)

Our OT Security experts can provide a Cybersecurity Architecture Design Review (CADR) to validate that your Oil & Gas (O&G) network architecture effectively isolates critical OT systems from potential threats and vulnerabilities.

Validate Your OT Security Controls to Meet TSA’s Security Directive

With cyber threats targeting more critical infrastructure entities, the TSA is now requiring Cybersecurity Architecture Design Reviews to evaluate the capabilities and associated security policies and controls exhibited by the existing O&G OT security technology footprint.

Our OT Security experts can perform a Cybersecurity Architecture Design Review to provide you with a comprehensive assessment focusing on relevant key strategies and aligning to industry OT/ICS best practices and frameworks such as: National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST 800-53, NIST 800-82, CPwE Design and Implementation Guide, and the SANS Five ICS Cybersecurity Critical Controls. With our CADR services, we can help your organization:

  • Evaluate Your OT Design Architecture
  • Verify and Validate Network Traffic
  • Analyze Network Device Configurations and Logs
  • Ensure Compliance with TSA SD Pipeline-2021-02E

Programmatically Assess Your OT Security Environment

Our CADR methodology and process leverages the framework of your choice to evaluate your O&G OT architecture, configurations, policies, security controls, and interconnectivity to internal/external systems. When considering a cybersecurity maturity benchmark, we recommend using a Crawl, Walk, Run approach.

Our process begins with the acquisition of architecture drawings and diagrams, asset inventory lists/spreadsheets, network configurations (VLANs, routing, ACLs), firewall configurations, remote access, site-to-site VPNs, OT security policies and procedures, and OT monitoring tool data/configuration.

From there we will conduct network and system design documentation reviews, interview key staff members across IT, OT, Security and Leadership to gain valuable insights into your organization’s operational and security practices, align our findings with best practices to determine potential areas for improvement, and ultimately provide the CADR Report and briefing, which highlights areas of strength and opportunities to enhance your OT security program.

Understand Your Existing OT Security Posture

Every CADR that we provide includes a dedicated deliverable, which describes the work performed, details the risk rating (high, medium, and low) of the identified findings, provides remediation steps, and includes any additional recommendations to improve security. You should expect to receive the following:

  • Executive Summary: Designed for management personnel, this overview of the information contained within the Technical Analysis section provides a high-level analysis of the work performed, identified findings, and recommendations to improve your OT security posture.
  • Technical Analysis – This section provides details on your current OT security posture, including specific recommendations to improve the security of the in-scope OT infrastructure, evidence of those observations, and steps to reproduce any testing conducted during the assessment (where applicable)
Maintenance Service Icon

Certifications

Put an ELITE Highly-Trained Team on Your Side