Five months ago, the utility hosting the ICS cyber security test bed met with one of their major ICS vendors. Some of the security patches actually impacted the reliability of the ICS and the overall system. Thus, the fact that a security patch could, and did, harm the operation of the system came as a surprise to the ICS vendor. Last week, another electric utility using this vendor’s latest generation of turbine controls received a security patch for a generating unit that had been operating very reliably. The utility implemented the vendor’s patch and subsequently started the turbine and brought it to full power. However, things did not operate as they should. The HMI control panel data froze and did not update. After reaching full power, the turbine was no longer able to be controlled by the operator.