
Feature Extraction Optimization for Network Intrusion Detection in Control System Networks

Abstract


Security measures for Industrial Control Systems (ICSs) have, until recently, come mainly in the form of a physical disconnect, implemented as an "air-gap". This disconnect isolated the nodes of an ICS network from other networks, including the Internet. While connecting an ICS network to the Internet is beneficial to both the engineers and the companies that operate them, it leaves these ICSs vulnerable to attacks, as the protocols used by several of the ICSs have few, if any, security mechanisms. This paper focuses on optimization of the feature extraction algorithms used in a continuing effort to develop a Network Telemetry based Intrusion Detection System (IDS). After development and testing of the optimizations described in this paper, the developed IDS was able to achieve 99.99% accuracy when differentiating between the machines of an attacker and an engineer on the same network.
