Over the past few years, there has been a noticeable transition from centralized Industrial Control Systems (ICS) to distributed systems. However, the challenges of distributed systems (e.g., communication delays and packet loss) can give rise to undesired situations like deadlocks, which malicious actors may target. To address such conditions, implementing run-time security monitoring can ensure these systems' reliable and secure operation. In this paper, we introduce a novel approach for run-time security monitoring for distributed ICS, extending previous works that focus on autonomous and centralized systems. Our approach makes it possible to specify physical and cyber resources and their changing limitations within a distributed environment. By doing so, our approach offers a valuable contribution to ICS security by tackling limitations introduced by distributed ICS. Furthermore, it provides an efficient mechanism for monitoring the security of these systems in real time.