Shortly after the Colonial hack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) announced a series of security directives aimed at requiring owners and operators of TSA-designated critical liquids and natural gas pipelines to assess their cybersecurity exposure and implement several urgently needed protections against cyber intrusion.
CADR: Going Further than a Standard Cybersecurity Assessment
In collaboration with 1898 & Co., Axio has established a CADR assessment process built on reputable assessment methodologies and consistent with the recommended controls in NIST Special Publication 800-82 Guide to Industrial Control Systems Security. This process provides stakeholders with a clear evaluation of alignment to the TSA’s security directives while establishing a baseline on which to build effective defense-in-depth strategies to improve the security posture of the OT environment. But the CADR assessment goes further than traditional assessments: in addition to reviewing current practices and controls, testing is performed to substantiate the effectiveness of these controls. This provides operators a real-world view of how well their cybersecurity strategy is actually performing.
CADR was Designed for Industrial Control Systems and Operational Technology
This process provides stakeholders with a clear evaluation of alignment to the TSA’s security directives while establishing a baseline on which to build effective defense-in-depth strategies to improve the security posture of the OT environment. The 4 components of a CADR assessment are:
- Network architecture review
- System configuration and log review
- Network traffic analysis
- A comprehensive NIST-based controls review
You can read the full brief about the CADR assessment here.
If you’d like to get stated with a CADR assessment, contact [email protected] for a consultation.