Is CADR on Your RADAR?

Shortly after the Colonial hack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) announced a series of security directives aimed at requiring owners and operators of TSA-designated critical liquids and natural gas pipelines to assess their cybersecurity exposure and implement several urgently needed protections against cyber intrusion.

CADR: Going Further than a Standard Cybersecurity Assessment

In collaboration with 1898 & Co., Axio has established a CADR assessment process built on reputable assessment methodologies and consistent with the recommended controls in NIST Special Publication 800-82 Guide to Industrial Control Systems Security. This process provides stakeholders with a clear evaluation of alignment to the TSA’s security directives while establishing a baseline on which to build effective defense-in-depth strategies to improve the security posture of the OT environment. But the CADR assessment goes further than traditional assessments: in addition to reviewing current practices and controls, testing is performed to substantiate the effectiveness of these controls. This provides operators a real-world view of how well their cybersecurity strategy is actually performing.

CADR was Designed for Industrial Control Systems and Operational Technology

This process provides stakeholders with a clear evaluation of alignment to the TSA’s security directives while establishing a baseline on which to build effective defense-in-depth strategies to improve the security posture of the OT environment. The 4 components of a CADR assessment are:

• Network architecture review
• System configuration and log review
• Network traffic analysis
• A comprehensive NIST-based controls review

You can read the full brief about the CADR assessment here.

If you’d like to get stated with a CADR assessment, contact [email protected] for a consultation.