homepage
Menu
Open menu
  • Training
    Go one level top Back

    Training

    • Courses

      Build cyber prowess with training from renowned experts

    • Hands-On Simulations

      Hands-on learning exercises keep you at the top of your cyber game

    • Certifications

      Demonstrate cybersecurity expertise with GIAC certifications

    • Ways to Train

      Multiple training options to best fit your schedule and preferred learning style

    • Training Events & Summits

      Expert-led training at locations around the world

    • Free Training Events

      Upcoming workshops, webinars and local events

    • Security Awareness

      Harden enterprise security with end-user and role-based training

    Featured: Solutions for Emerging Risks

    Discover tailored resources that translate emerging threats into actionable strategies

    Risk-Based Solutions

    Can't find what you are looking for?

    Let us help.
    Contact us
  • Learning Paths
    Go one level top Back

    Learning Paths

    • By Focus Area

      Chart your path to job-specific training courses

    • By NICE Framework

      Navigate cybersecurity training through NICE framework roles

    • DoDD 8140 Work Roles

      US DoD 8140 Directive Frameworks

    • By European Skills Framework

      Align your enterprise cyber skills with ECSF profiles

    • By Skills Roadmap

      Find the right training path based on critical skills

    • New to Cyber

      Give your cybersecurity career the right foundation for success

    • Leadership

      Training designed to help security leaders reduce organizational risk

    • Degree and Certificate Programs

      Gain the skills, certifications, and confidence to launch or advance your cybersecurity career.

    Featured

    New to Cyber resources

    Start your career
  • Community Resources
    Go one level top Back

    Community Resources

    Watch & Listen

    • Webinars
    • Live Streams
    • Podcasts

    Read

    • Blog
    • Newsletters
    • White Papers
    • Internet Storm Center

    Download

    • Open Source Tools
    • Posters & Cheat Sheets
    • Policy Templates
    • Summit Presentations
    • SANS Community Benefits

      Connect, learn, and share with other cybersecurity professionals

    • CISO Network

      Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

  • For Organizations
    Go one level top Back

    For Organizations

    Team Development

    • Why Partner with SANS
    • Group Purchasing
    • Skills & Talent Assessments
    • Private & Custom Training

    Leadership Development

    • Leadership Courses & Accreditation
    • Executive Cybersecurity Exercises
    • CISO Network

    Security Awareness

    • End-User Training
    • Phishing Simulation
    • Specialized Role-Based Training
    • Risk Assessments
    • Public Sector Partnerships

      Explore industry-specific programming and customized training solutions

    • Sponsorship Opportunities

      Sponsor a SANS event or research paper

    Interested in developing a training plan to fit your organization’s needs?

    We're here to help.
    Contact us
  • Talk with an expert
  • Log In
  • Join - it's free
  • Account
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. ICS/OT Cybersecurity & AI: Considerations for Now and the Future (Part I)
DeanParsons_340x340.png
Dean Parsons

ICS/OT Cybersecurity & AI: Considerations for Now and the Future (Part I)

There are clear benefits to the appropriate use of AI, but it requires caution and setting proper expectations.

May 28, 2024

ica_ot-ai_inblog_graph_1.png

So, an artificial intelligence (AI) engine told me, “AI refers to computer systems that can perform tasks requiring human intelligence. AI is divided into Narrow AI, designed for specific tasks, and General AI, which mimics human-like intelligence. Techniques like machine learning and deep learning enable AI to learn from datasets provided to AI engines. AI is applied across multiple industries, driving innovation and societal transformation.”

Yes, AI tools and technologies are here to stay, in many sectors, and we have the opportunity to embrace it, (with caution). For industrial control systems/operational technology (ICS/OT), that does not mean we all go home and let the control system run and secure itself with AI engines. Tactical decisions made by an AI engine to action security defenses inside control system environments, where safety is the main mission, is not likely something that will replace the ICS/OT security and engineering teams right now. The application of AI for the purpose of augmenting existing cybersecurity workflows to defend critical infrastructure is a conversation for right now.

AI Benefits in ICS/OT Cybersecurity

There are clear benefits to the appropriate use of AI, but it requires caution and setting proper expectations. The integration of Al for ICS/OT cybersecurity in facilities can:

  • Enhance threat detection,
  • Inform industrial incident response capabilities,
  • Prioritize vulnerability management, and
  • Contribute to engineering resilience against evolving cyber threats.

A responsible implementation of AI requires AI-specific skilled resources, tools, and the answer to the very first question that should be asked: “What problems can we solve with AI in ICS/OT Cybersecurity?”

Regardless of whether AI is used in ICS/OT cybersecurity or not, the ICS/OT cybersecurity program still requires that 1) safety and engineering operations are prioritized to enable human defenders who 2) understand IT security, 3) understand specific ICS/OT security and how engineering systems operate, and 4) track and understand adversary attack tradecraft for control systems.

Let’s dive deeper into this.

Manage and Plan for a Response to AI in ICS Now

There's an entire section and leadership lab in one of our SANS ICS courses, ICS418: ICS Security Essentials for Managers, where we teach how to use forecasting to get ahead of technology trends for ICS. AI is a perfect example of a trending technology you can use in ICS418. And there are so many more we discover and walk through in class. ICS418 also teaches existing and new leaders how to embed themselves into engineering team meetings and fully understand engineering system requirements. This allows cybersecurity leaders to be informed on how technology, including AI, can positively (or negatively) impact operations.

Let’s briefly look at how we can map AI as a technology trend, a risk, and a benefit to engineering environment protection. First, identify what matters most to the business in a control system industry. The ICS network and engineering systems is the business. So, how can AI improve efficiencies in engineering and ICS cybersecurity in these areas below? *This requires a full understanding of the priorities from your VP of engineering and executive team, first. Some areas to consider include:

  • Safety
  • Profitability
  • Reliability
  • Resilience
  • Compliance
  • Productivity
  • Performance
  • Availability
  • Engineering Intellectual Property Protection
  • Etc.

The exercise below will help you map your potential, current, and desired states using AI as a technology trend to consider, embrace, plan for, and manage its related risks in ICS.

The Current State represents your current understanding and adaptation of AI, or not, towards its use in your ICS/OT cybersecurity or engineering workflows, today.

Potential State 1 represents one potential future scenario: For example, AI is in the early adoption stages for your control system cybersecurity program. There is a potential for minor workflow improvements, but also a challenge obtaining trained ICS security resources and ICS specific technologies, let alone the infrastructure and trained AI-specific resources.           

Potential State 2 represents another potential future scenario: For example, AI is being deployed by vendors or internal employees currently in your environment, but the infrastructure, models, and accuracy are not up to a trusted or accurate level. This leads to increased unnecessary risk to engineering operations, ineffective cyber defenses creating false positives, and poor decisions for engineering system maintenance tasks that could lead to lost time or safety impacts.

Desired State 1 represents an ideal outcome within the next 6-12 months for AI in ICS. It could be that an internal ICS security team is established and trained on ICS security. Simultaneously, AI trends and technology continue to be monitored, fully researched, and aligned with potential engineering system use cases.

Desired State 2 represents an ideal outcome within the following 12-24 months for AI in ICS. It could be that AI is adopted and phased into existing workflows to augment engineering and ICS/OT cybersecurity workflows for improved efficiencies with a dedicated ICS security and engineering resource(s).

Use the chart below to help you plot your current, potential, and desired states and timeframes and provide some basic direction towards your adaptation and risks to AI, today.

ica_ot-ai_inblog_graph_2.png

ICS and AI in the Field: Top Questions & Answers

With my firm ICS Defense Force, I perform ICS/OT security assessments, incident response tasks, and incident response tabletop exercises across multiple critical infrastructure sectors, globally. This practical field experience allows me to meet with security teams, engineering staff, and leadership.

The latest threats and technology trends are always a topic for discussion. AI included. In fact, I’ve recently completed ICS security assessments and threat hunting exercises across oil and gas, water management, and electric power sectors. In all those cases I tested and leveraged AI safely. Here are some of the most common questions and answers I get about ICS/OT cybersecurity and AI in the field.

1. Q: Given the threats to critical infrastructure today, is AI the first thing, or even in the top 5 things, to implement immediately to protect the critical infrastructure systems we all rely on to sustain our modern way of life?

A: No, (but it depends, a little). Most organizations today, based on the SANS 2023 ICS Cybersecurity Survey, are spending cybersecurity funds and effort over the next 18th months on:

a. Obtaining network visibility: ICS/OT-specific network traffic visibility for ICS/OT protocols and commands, and

b. Detection of threats entering the ICS through a common vector(s): Transient device threat detection and threats coming through IT networks into ICS/OT networks, (which accounts for nearly 40% of ICS compromises today). However, with additional resources, infrastructure, setup, and tuning etc., AI could augment and assist with select aspects of implementing some of these prioritized security tasks with moderate efficiency improvements.

2. Q: When is a good time to implement the use of AI to assist in ICS/OT cybersecurity, either passively or actively?

A: If a facility currently has an established ICS security team, and given the current threat landscape to ICS/OT; critical infrastructure, leaders, and practitioners can best prioritize the full implementation of, at the least, the SANS Five ICS Cybersecurity Critical Controls as rapid as possible. Then, consider how to source, deploy, monitor, secure, maintain, and tune AI infrastructure for their ongoing ICS or engineering program.

3. Q: Will AI take my job?

A: Unlikely, but it is likely that those who understand how to (and how not to) apply AI to meet the engineering and ICS/OT specific security needs will be the humans tasked with modern cybersecurity defenses for ICS/OT environments.

4. Q: What question should I ask first when considering how AI can help with ICS/OT Cybersecurity?

A: As facilities and engineering leadership consider how ICS/OT can be used in their control systems, a great first question to ask before implementation is, “What problems can we solve with AI in ICS cybersecurity to reduce impacts to safety and reliability, before, during, or after industrial cyber incidents?”

5. Q: Will the implementation of AI require AI-specific skill sets?

A: Yes. Specific AI infrastructure setup knowledge, including hands-on skills and subject area/sector knowledge is required to do things like, but not limited to, installing, securing, training, and maintaining AI engines and models to be of use.

AI in ICS/OT: Top Challenges and Considerations

Here are some uses, challenges, and considerations when considering the use of AI for ICS/OT cybersecurity and engineering workflows.

Risk to ICS/OT Operations When Using AI

Cybersecurity Risks: Integrating AI into ICS/OT increases the complexity of the systems, potentially exposing new vulnerabilities for cyberattacks, and in some cases, the potential for false positives to disrupt engineering operations. Ensuring the security of AI algorithms, models, dataset locations, and their detection-only capability is essential.

Data Quality and Availability: AI systems require high-quality and comprehensive data sets to function effectively and be accurate and correct! In some industrial environments, collecting this data can be challenging due to older equipment or proprietary systems.

Skills Gap: The specialized knowledge required to implement and manage AI in ICS/OT environments can be a barrier. Training for existing personnel is available (see resources and development points below) and hiring new talent with the right skills would be necessary. It is important to also note, there may be higher priority items inside engineering and ICS security that would provide higher return on investment than undertaking AI at this time. This depends greatly on a facilities’ current ICS specific security maturity.

Reliability and Trust: Like data quality and availability above, relying on AI for critical decisions in industrial environments requires a high level of trust in the technology. Ensuring the reliability of AI decisions is crucial for acceptance and adoption of the technology and its related risks.

ICS/OT Cybersecurity AI Use Cases

Anomaly Detection: AI algorithms can analyze vast amounts of threat data from ICS/OT networks to identify unusual patterns or behaviors that could indicate potential cyber threats or malfunctions. This would be an obvious aid to an existing ICS security team’s workflow.

Threat Detection: AI-powered systems can continuously monitor network traffic and identify known and potential emerging threats based on detected changes, helping to detect cyber-attacks in near real-time. This would be an obvious aid to an existing ICS security team’s workflow. It would be wise to resist a shift to allow AI to actively block (automated response or change) network activity and engineering software functionality that could be flagged as a false positive. That is, the AI engine could cause a legitimate engineering or safety event from being carried out as intended by operators or programmable logic controls, etc., if it got something wrong or was not 100% accurate.

Engineering AI Use Cases

Predictive Maintenance: Large data sets from sensors and machinery can be processed by AI engines to enable proactive maintenance by helping predict when equipment could fail.

Process Optimization: AI can optimize processes by analyzing operational steps to help identify inefficiencies and recommend improvements that may lead to increased productivity, reduced energy consumption, and improved product quality in manufacturing, power generation, and refining processes.

In conclusion, for managers and leaders overseeing ICS/OT industrial control system environments, it's imperative to understand that ICS is the business. ICS defenders would do well to navigate the evolving landscape of AI technology with both optimism and caution. While AI holds immense potential to revolutionize engineering practices and bolster cybersecurity defenses for critical infrastructure, it must be approached with a keen awareness of its potential impacts on safety and operational reliability and with the appropriate (risk-based) priority and resources.

It's crucial to acknowledge AI will not replace human decision-making for ICS/OT cybersecurity defense or engineering at this time. Rather, it could be leveraged by a well-established and trained ICS security team to augment their ICS specific security technology, workflows, assessments, etc., as a supplementary tool. Areas where AI can be safely integrated into engineering industrial control system networks may include passive anomaly and threat detection, suggestive predictive engineering equipment maintenance schedules, and threat hunting hypothesis generation.

By embracing AI judiciously and in conjunction with human expertise (who have IT, ICS/OT security, and engineering knowledge), organizations can harness its transformative power with assigned additional resources, while ensuring the robustness and resilience of their critical infrastructure systems. More to come on ICS and AI. Stay connected, stay tuned.

Additional AI Resources and Professional Development

See the following to help equip your role and team(s) with the right training and resources to mitigate the risks and vulnerabilities to the rapid introduction AI into the world.

  • Webcast: SANS AI Cybersecurity Forum: Insights from the Front Lines
  • Course: ICS418: ICS Security Essentials for Managers helps build critical infrastructure ICS/OT cybersecurity teams and leaders. This course empowers those stepping into an ICS leadership role for the first time, those leading IT security now also tasked with ICS security, and those stepping up to take the charge to manage cybersecurity risk from inside engineering departments.
  • Course: ICS515: ICS Visibility, Detection, and Response teaches how to set up, deploy, and maintain ICS-specific network visibility and incident response from a tactical perspective, that are two of the critical ICS-specific controls among the SANS Five ICS Cybersecurity Critical Controls.
  • Course: AIS247: AI Security Essentials for Business Leaders
  • Course: SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
  • Find a full list of resources here.

NOTE: The title image for this blog was created by AI and it got it wrong… On several occasions AI was asked to include an ice cream sandwich with an industrial control system facility. That’s not an ice cream sandwich, it’s a waffle cone. :)

Be sure to check out Part II of this series, ICS/OT Cybersecurity & AI: Considerations for Now and the Future, here.

About the Author

Dean Parsons is a SANS Certified ICS instructor and ICS protector in the security field for critical infrastructure. Check out Dean’s SANS profile to see when he’s teaching next, or click here to register for an ICS course or take a free ICS course demo.

Dean is the CEO and Principal Consultant of ICS Defense Force and brings over 20 years of technical and management experience to the classroom. He has worked in both IT and ICS Cyber Defense in critical infrastructure sectors such as telecommunications; electricity generation, transmission, distribution; and oil and gas refineries, storage, and distribution. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students. Dean earnestly preaches that “Defense is Do-able!” His career accomplishments include establishing entire ICS security programs for critical infrastructure sectors, successfully containing and eradicating malware and ransomware infections in electricity generation and manufacturing control networks, performing malware analysis triage and ICS digital forensics, building converged IT/OT incident response and threat hunt teams, and conducting ICS assessments in electric substations, oil and gas refineries, manufacturing, and telecommunications networks.

A SANS Certified Instructor, Dean teaches ICS515: ICS Visibility, Detection, and Response and is a co-author of the new SANS Course ICS418: ICS Security Essentials for Managers. Dean is a member of the SANS GIAC Advisory Board and holds many cybersecurity professional certifications including the GICSP, GRID, GSLC, and GCIA, as well as the CISSP®. He is a proud native of Newfoundland and holds a BS in computer science from Memorial University of Newfoundland.

For more insights into leveraging AI to augment existing ICS security workflows, download the SANS Strategy Guide: ICS Is the Business.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Industrial Control Systems Security

Related Content

Blog
Industrial Control Systems Security
May 19, 2025
Culture Over Checklists: How NextEra Is Rethinking NERC CIP with People at the Center
When people ask me what makes a successful NERC CIP program, my answer is always the same: it’s not just about compliance, it’s about culture. You can meet every regulatory requirement and still be vulnerable. You can pass every audit and still lack resilience. The organizations that stand out—the...
370x370_Jason-D-Christopher.jpg
Jason D. Christopher
read more
Blog
emerging threats summit 340x340.png
Digital Forensics, Incident Response & Threat Hunting, Offensive Operations, Pen Testing, and Red Teaming, Cyber Defense, Industrial Control Systems Security, Cybersecurity Leadership
May 14, 2025
Visual Summary of SANS Emerging Threats Summit 2025
Check out these graphic recordings created in real-time throughout the event for SANS Emerging Threats Summit 2025
No Headshot Available
Alison Kim
read more
Blog
Blog - Cloudy with a Chance of_340 x 340.jpg
Industrial Control Systems Security
May 13, 2025
Cloudy with a Chance of Industrial Cyber Threats, Part 1
Cloud in ICS/OT can enable scalable data storage, remote monitoring, analytics, disaster recovery, & industrial process control capabilities.
DeanParsons_340x340.png
Dean Parsons
read more
  • Company
  • Mission
  • Instructors
  • About
  • FAQ
  • Press
  • Contact Us
  • Careers
  • Policies
  • Training Programs
  • Work Study
  • Academies & Scholarships
  • Public Sector Partnerships
  • Law Enforcement
  • SkillsFuture Singapore
  • Degree Programs
  • Get Involved
  • Join the Community
  • Become an Instructor
  • Become a Sponsor
  • Speak at a Summit
  • Join the CISO Network
  • Award Programs
  • Partner Portal
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
© 2025 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute. Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn