I have often been asked if it is possible to build a more secure control system. Because most initial control system designs did not adequately address cyber security, adding cyber security has been by “bolt-on” additions. “Bolt-on” additions can improve cyber security by adding functions such as white-listing but may not address inherent control system design cyber vulnerabilities such as unauthorized control logic changes. However, there is at least one control system vendor that has addressed cyber security as part of its initial design – Bedrock. I think it is important to acknowledge that it is possible to build a more secure control system from initial design that addresses known control system cyber vulnerabilities.