Homeland Security pronounces on control system security

The US Department of Homeland Security released its Catalog of Control Systems Requirements (Draft) July 2007  today. It is interesting reading. According to several commentators, it contains warnings about spam and social media-- things not entirely commonly associated with control systems. This brings the question: how many people are using the control system computer for email and other personal communications, and roving the internet? Are you still allowing people to bring IPods into the plant? Remember, a big IPod is a 60 Gigabyte SERVER with an IP address. Interesting questions in the brave new world of interconnected control systems. Once again, I ask: if DHS thinks control systems are important to national security, is there any reason to assume that damage, misfunction, malfunction, sabotage, etc. to a control system isn't a reportable matter under Sarbanes-Oxley? I think that if it quacks like a duck, it is one. Control systems are a SOX issue. Control system security is a SOX issue, whether it is physical security, process security or cyber security.