Notwithstanding the importance of network monitoring in protecting industrial control systems, it is also important to understand the nuts and bolts of Level 0 and Level 1 devices to defend the system holistically. This presentation provides a brief introduction to process anomaly detection, which complements network anomaly detection.