FireEye iSIGHT Intelligence compiled extensive data from dozens of ICS security health assessment engagements (ICS Healthcheck) performed by Mandiant, FireEye’s consulting team, to identify the most pervasive and highest priority security risks in industrial facilities. The information was acquired from hands-on assessments carried out over the last few years across a broad range of industries, including manufacturing, mining, automotive, energy, chemical, natural gas, and utilities.
Mandiant ICS Healthchecks and penetration testing engagements include on-site assessments of customers’ IT and ICS systems. The ICS Healthcheck consists of workshops and technical reviews. It captures the results in a final report that ranks discovered findings and vulnerabilities by risk using Mandiant’s Risk Rating method. During an onsite workshop with site technical experts, Mandiant develops a technical understanding of the subject control system(s), builds a network diagram of the control system, analyzes for potential vulnerabilities and threats, and assists with prioritizing recommended countermeasures to defend the environment.
Mandiant also collects and reviews packet captures of network traffic from the ICS environment to validate the network diagram constructed in the workshop and to identify any unexpected or undesirable deviations from the intended design. This traffic is also analyzed for evidence of compromise or misconfiguration of the ICS network/system. Mandiant inspects the deployed security technology for vulnerabilities and other architectural risks, such as inappropriately configured firewalls, dual-homed control system devices, and unnecessary connectivity to the business network or the Internet.