Since Mark has brought up the issue, I think it is time for a complete response. It may ruffle some feathers. When I first got involved in cyber security at EPRI in February 2000, we had to make a decision as to what should be the scope of the program.
I had a telephone and email exchange today with an international electric industry security standards committee that I would like to share. It goes to the heart of the issue that there is little knowledge and understanding of control system cyber security issues and the resulting training that is required.