This document discusses network security monitoring of industrial control systems. It provides tips on safely capturing network data from ICS environments, such as using test environments first and working with vendors. It recommends starting with basic open-source tools like SecurityOnion and tcpdump. The document highlights focusing on top talkers, bandwidth usage, encrypted communications, and anomalies. It stresses the importance of including both IT and OT stakeholders and having a plan to address security responsibilities and upgrades.