SANS 2021 features 30+ Interactive Courses, Three NetWars Tournaments, Trivia Night, and Bonus Talks. Save $150 thru Tomorrow!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

NIST Recommendations for ICS & IIoT Security

  • Thursday, February 28, 2019 at 3:30 PM EST (2019-02-28 20:30:00 UTC)
  • Phil Neray, Michael Powell, Jim McCarthy, Tim Zimmerman


  • CyberX

You can now attend the webcast using your mobile device!



WannaCry, NotPetya, and TRITON demonstrate that ICS and IIoT networks continue to be soft targets for cyberattacks, increasing the risk of costly downtime, safety failures, environmental incidents, and theft of sensitive intellectual property.

NIST and the NCCoE recently published a NIST Interagency Report (NISTIR) demonstrating how off-the-shelf, ICS-aware behavioral anomaly detection (BAD) effectively reduces cyber risk for manufacturing organizations, without impacting OT networks, as well as risk from equipment malfunctions.

The report was the product of a close collaboration between NCCoE, CyberX, and other technology providers such as OSIsoft.

In this joint webinar with NIST and CyberX, you'll learn about:

  • Mapping the security characteristics of BAD to the NIST CSF
  • Using NIST's reference architecture for your own ICS & IIoT environment
  • How CyberX detected 15 examples of high-risk anomalies in NIST's testbed environment, including unauthorized devices; unauthorized remote access; plain-text credentials; network scans using ICS protocols; and unauthorized PLC logic downloads

We'll also discuss how CyberX's agentless platform helps you:

  • Auto-discover your ICS & IIoT assets, protocols, and network topology
  • Identify critical OT vulnerabilities and risks
  • Prioritize risk mitigation for your most valuable processes (crown jewels)
  • Enable rapid ICS threat detection, response, threat hunting, and prevention
  • Implement converged IT/OT security in your corporate SOC via certified apps for IBM QRadar, Splunk, ServiceNow, Palo Alto Networks, and other integrations with your security stack

Speaker Bios

Phil Neray

Phil Neray is Director of IoT & Industrial Cybersecurity at Microsoft. He joined Microsoft as a result of their acquisition of CyberX, a leader in agentless security and behavioral analytics for industrial and critical infrastructure networks. Prior to CyberX, Phil held executive roles at IBM Security/Q1 Labs, Symantec, Veracode, and Guardium. Phil began his career as an engineer with Hydro-Quebec and as a Schlumberger engineer on oil rigs in South America. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a First Degree Black Belt in American Jiu Jitsu.

Michael Powell

Michael Powell is a Cybersecurity Engineer at the National Cyber-Security Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) in Rockville, Maryland.†His research focuses on cybersecurity for the manufacturing sector, particularly how it impacts industrial control systems.

Mr. Powell joined the NCCoE in 2017.†In his previous positions, he was responsible for the management/oversight of building and commissioning US Navy DDG-51 class ships.†He also served in the United States Navy for over 20 years, retiring as a Chief Petty Officer.††He holds a bachelorís degree in Information Technology from University of Maryland University College, A Masterís degree in Public Administration from Bowie State University, and a masterís degree in Information Technology from University of Maryland University College.†Mr. Powell is currently in the final stages of completing his Doctorate degree in Computer Science at Pace University in West Chester, New York.

Jim McCarthy

Jim McCarthy is a senior security engineer at the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST). He currently

serves as the Federal lead for Energy Sector projects. The NCCoE collaborates with members of industry, government, and academia to build open, standards-based, modular, and practical example reference designs that address cybersecurity challenges in key economic sectors. The center benefits from formal partnerships with market leaders, including several Fortune 50 companies.

Mr. McCarthy joined the NCCoE in 2014, after serving at the U.S. Nuclear Regulatory Commission. He also worked in various cybersecurity roles at the U.S. Department of Transportation. In his previous positions, he was responsible for the management and operation of the cybersecurity incident response teams for these agencies. He also performed security assessments on components of the nationís critical infrastructure systems. He holds a bachelorís degree from Providence College and masterís degree from the Johns Hopkins Carey Business School.

Tim Zimmerman

Timothy Zimmerman is a Computer Engineer in the Intelligent Systems Division at the National Institute of Standards and Technology (NIST), Gaithersburg, Maryland. His research focuses on cybersecurity for the manufacturing sector, especially its impact on industrial control systems and robotics.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.