Knock! Knock! "Who's there?"

Industrial control systems (ICS), a type of cyber-physical system, control critical infrastructures such as national power distribution (nuclear, electrical, etc.), manufacturing, and communication infrastructures. The increased internet connectivity of devices within these networks creates apertures for malicious actors to access and control these critical infrastructures. Teaming with FireEye, we retrieved publicly available information about IP addresses that were recorded port-scanning an ICS system. We extracted a list of features that indicate an IP address may be malicious, and created a confidence level to help clients determine potential maliciousness. With these improved capabilities, companies can gain increased visibility into their ICS environment.
Gosuddin Siddiqi
Justin Petelka
Siddharth Naik