Serial-Based Defensive Cyberspace Operations

How can a defensive cyber operator effectively identify malicious cyber activity occurring on serial networks? There are a number of serial-based computer networks and systems that provide mission critical impacts to the DoD. Operators are not trained on serial data, and do not know how to read anomalies, and are unable to protect these environments. Looking to identify both equipment and a process for hunting for malicious activity on serial networks.