As an owner or operator of an industrial control system, you must remain vigilant by monitoring and maintaining security throughout the lifecycle of your system. This involves numerous activities, such as updating antivirus signatures and installing security patches on Windows servers. It also involves monitoring your system for suspicious activity.
Monitoring can take many forms, such as reviewing system logs for unauthorized or unusual activity. It can also involve technology such as Intrusion Detection Systems (IDS), which can detect malicious or suspicious network activity.
IDS technology is generally not considered mature enough to be deployed on control systems in a manner that would allow it to block traffic (i.e., to act as an intrusion prevention system). However, the technology can be used today as part of an overall defense-in-depth strategy, for example to validate security measures, including firewall rules.
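One way to use passive sensor data to validate firewall rules, shown as an added example that is not part of the original article: flows observed behind the firewall are compared with the intended allowlist. The rule names, addresses and flow-record format are hypothetical and the sample data is constructed. The example goes slightly beyond the text by also reporting rules that no observed traffic used.

```python
import ipaddress
from collections import Counter

# Hypothetical allowlist: (name, source net, destination net, protocol, dest port)
ALLOW_RULES = [
    ("hmi-modbus", "10.10.1.0/24", "10.20.5.10/32", "tcp", 502),
    ("eng-enip", "10.10.1.20/32", "10.20.5.0/24", "tcp", 44818),
    ("plc-syslog", "10.20.5.0/24", "10.10.1.5/32", "udp", 514),
]

# Constructed sensor export, one flow per line: src,dst,proto,dport
SAMPLE_FLOWS = """\
10.10.1.11,10.20.5.10,tcp,502
10.10.1.12,10.20.5.10,TCP,502
10.10.1.20,10.20.5.31,tcp,44818
10.10.1.11,10.20.5.10,tcp,3389
10.10.1.11,10.20.5.10,tcp,3389
192.168.7.40,10.20.5.10,tcp,502
not-an-ip,10.20.5.10,tcp,502
"""

def compile_rules(rules):
    """Parse the CIDR strings once so each flow check is a cheap membership test."""
    return [(name, ipaddress.ip_network(s), ipaddress.ip_network(d), proto, port)
            for name, s, d, proto, port in rules]

def audit(flow_text, rules=ALLOW_RULES):
    """Return (violations, unused_rules, malformed_lines) for the observed flows."""
    compiled = compile_rules(rules)
    violations, hits, malformed = Counter(), Counter(), []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        try:
            src, dst, proto, dport = (f.strip() for f in line.split(","))
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            proto, dport = proto.lower(), int(dport)
        except ValueError:
            malformed.append(line)  # keep for review instead of dropping silently
            continue
        match = next((name for name, s, d, p, port in compiled
                      if src in s and dst in d and proto == p and dport == port), None)
        if match:
            hits[match] += 1
        else:
            # Seen behind the firewall but permitted by no rule: investigate.
            violations[(str(src), str(dst), proto, dport)] += 1
    unused = [name for name, *_ in compiled if hits[name] == 0]
    return violations, unused, malformed
```

A non-empty `violations` result means traffic is reaching the control network that the rule set was meant to stop. Entries in `unused` are candidates for review at the next assessment.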
Finally, it is important to periodically test and assess your system. Assessments involve periodic audits to verify that the system is still configured for optimal security, as well as updating security controls to the latest standards and best practices. More aggressive or invasive practices such as penetration testing can be performed on systems during shutdowns or turnarounds.