Mandiant to probe gaps in rusty unpatchable utility systems

Mandiant has launched a managed gap assessment for industrial control systems (ICS) it says will help administrators deal with temperamental systems.

It was a "light touch" for legacy or leviathan systems that could fall over in the event of tinkering or patching.

Mandiant SCADA bod Dan Scali said the system was geared to monitoring for attacks rather than in a bid to meet often unattainable ICS compliance.

"It's not compliance based, it is about monitoring," Scali told reporters at the MIRCon 2014 event in Washington today.

"We will capture all the information we can to find out if there is anything weird or anomalous happening on the network."

The configuration and age of some ICS systems made it resistant to patching and therefore some compliance regimes, and so should be monitored for signs of compromise.

Scali said hacking attempts against ICS or SCADA systems was less common that run-of-the-mill enterprise popping and differed mainly in attacker intent.

"[The difference] is intent, the motivation to collect ICS data," Scali said. "And in visibility; not many of us have insight into the security posture of ICSes."

A common misconception he said was that SCADA attacks had to be specific against SCADA protocols noting that those targeting enterprise vulnerabilities often applied to utilities.

He said the intent of hacking ICS could be to "destroy" rather than steal, and posited that attackers may have quietly infiltrated critical infrastructure systems and maintained a foothold, perhaps to begin causing damage only in the event of kinetic warfare between states.

"Are these attackers in there already and they're just undetected?"

He said private sector critical utilities from the oil and gas sectors have expressed interest in the managed service. ®

Darren Pauli travelled to Washington DC as a guest of FireEye.