ICSs were, and continue to be, designed to meet reliability, safety, and regulatory requirements. Cyber securing the ICS system consists not only of securing the OT networks but also the instrumentation, actuators, drives, analyzers, and controllers which often are serial-based before the conversion to Ethernet communications. Level 1 sensors, other field devices, and their communication protocols are generally not cyber secure. Additionally, it is often not possible to tell the difference between a malicious cyber compromise and an unintentional equipment failure. Moreover, the sensing/control loop will continue to operate even if the Ethernet network is not available. Consequently, there is a need to understand what is happening at the Level 1 layer in addition to what is happening with the OT networks.