ICS testing best results. Hint: Blend your approach

This report recommends a blended approach to ICS security testing that combines risk-averse on-site discovery and mapping with targeted lab testing of high-value devices to reveal deeper issues. A real-world example is described where lab analysis of a commonly used cellular gateway uncovered credential and messaging weaknesses that could allow one compromised gateway to issue commands and read configurations on others, prompting vendor and integrator notifications.