Control systems have always had alarms and alerts and fine-tuning the system is always an important part of commissioning and every day operation. In the last several years, ICS Network Security Monitoring (NSM) technology and methods have been a popular topic in our space. These ICS NSM security alerts must be tuned, much like the ICS alarms are tuned. In fact, the process should be similar…and tied closely together. This session will look at how successful techniques from alarm management, such as ISA 18.2, can be used for NSM alert tuning. Chris will show that your SOC analyst may not have to be an ICS expert, but it will be important to build in context behind each alert that should come from working with your ICS Engineers and SMEs.