Cybersecurity Architecture Design & Review (CADR)

Assess and Plan

Because of the importance of keeping our energy systems safe and reliable, a key ongoing requirement of the Transportation Security Administration (TSA) Pipeline Security Directives is that owners and operators of pipelines and LNG facilities must conduct a Cybersecurity Architecture Design Review (CADR) assessment every two years.

This directive highlights the need for regular, rigorous reviews to identify any weaknesses that could put these essential systems at risk.

This specialized review focuses on examining the architecture of industrial control systems (ICS) networks and systems. The review studies how your networks are configured, how data moves through them, and reviewing system logs to identify past or present threats to safe, security, and reliable operations.

What We Do

Our goal with any CADR assessment is to help asset owners and operators identify and address cybersecurity and reliability vulnerabilities within their ICS networks. By doing so, we provide you with actionable insights and recommendations to strengthen your security.

Our approach, inspired by the Validated Architecture Design Review (VADR) service by the Cybersecurity and Infrastructure Security Agency’s (CISA) ICS-CERT assessment team, goes above and beyond by incorporating advanced analyses such as firewall screening, network path analysis, and the option to create detailed network diagrams.

Our Approach

Architecture Design and Implementation Review

We carry out a thorough review of your control system network setup, looking into how your network is organized, including different parts of the network, virtual networks, and how it’s segmented to enhance security. This process includes a detailed examination of how your network devices are configured and secured, using insights from your team and confirmed by gathering and analyzing technical information.

Network Data Traffic and Path Analysis

Our specialists examine network traffic and data patterns to identify any unusual activity or potential security risks. With the help of sophisticated tools, we map out network access and study how data moves through the system to build a strong protection against unauthorized entry.

Firewall Rule Screening

We closely review the rules set up in firewalls and the permissions for network switches to find and fix any weak area. This strengthens your network’s defense against security threats.

System Log Analysis

By looking at records of system activity and event logs, our team uncovers important information about how key parts of your control system operate. This review helps us provide personalized advice designed to boost your cybersecurity defenses.

What You Get

Upon completion, Armexa delivers a comprehensive report and an executive summary presentation that outlines our findings, highlighting the strengths, weaknesses, and opportunities for improvement in your ICS network security and resilience.

Working closely with your IT, operations, engineering, and management teams helps us get a full picture of your cybersecurity situation. This collaboration supports making knowledgeable choices and strategic improvements.

Why Armexa?

With a rich history of conducting CADR/VADR assessments for pipeline operators and a methodology that not only meets but exceeds the standards set by Idaho National Laboratories (INL), our service is uniquely positioned to offer deep insights and advanced defensive strategies customized to your specific control systems network.

Whether mandated by regulation or a step taken for improved security, Armexa’s Cybersecurity Architecture Design Review service is an essential tool for any industrial asset owner or operator.

Contact us to get started today.

Related Content

Enriching Security for a Major US Energy Company | Armexa


Case Study: US Energy Company Enriches Security Posture With OT Security Program Development

Discover how Armexa developed and implemented an enterprise-wide security program across 75 oil and gas facilities.

Discover how we can build digital resiliency into your OT infrastructure