Industrial Control Systems Healthcheck

Reduce security vulnerabilities in SCADA and ICS environments

During an Industrial Control Systems (ICS) Healthcheck, Mandiant experts draw on our knowledge of advanced threat actors, security breaches and ICS domains to evaluate how well your ICS security program and architecture are segmented, protected and monitored.

Industrial Control Systems Healthcheck

Industrial Control System Healthcheck Overview


The ICS Healthcheck helps your organization assess its cyber security posture without the operational risk associated with software-based agents, network scanning and other aggressive and invasive assessment techniques. Incorporating their understanding of operational technology (OT), Mandiant consultants deliver a workshop-based ICS architecture review and provide a detailed technical analysis of and recommendations for your security environment.

Our Approach

The ICS Healthcheck applies an ICS risk analysis and threat modeling methodology followed by technical data analysis.

Risk analysis and threat modeling

  1. Document current network
    Mandiant consultants inventory and review your existing architecture documentation, communications protocols and security polices, standards, and procedures to thoroughly understand of your ICS security environment.
  2. Develop threat model
    Our experts work with your IT, operations and engineering staff to identify the high-likelihood and high-risk attack vectors and targets.
  3. Prioritize controls
    Using the threat model, Mandiant professionals help your team select and prioritize security controls to address recognized anticipated threats.

Technical data analysis

  1. Review network segmentation
    Our consultants deploy a FireEye Network Forensics Platform device on your network and then analyze network packet capture files to determine the types of security risks you face.
  2. Review security device configuration
    Mandiant experts determine how you have configured your network security devices and verify the efficacy of their rule sets.

What you get

  • Threat model diagram
  • ICS Healthcheck report
  • Strategic and technical recommendations

Critical Infrastructure Solution Brief

Non-invasive protection across operational and information technology assets.

Download solution brief

Six Subversive Security Concerns for Industrial Environments

Mitigate six hidden plant floor weaknesses that adversaries exploit to undermine operations. Read our step-by-step checklist.

Download report

Cyber Attacks on the Ukranian Grid: What You Should Know

This report details the use of the BlackEnergy3 distributed denial-of-service attack tool by the Sandworm team, along with best practice defenses.

Read report