The issue of critical infrastructure protection, or control system cyber security, is getting to be more popular with the mainstream IT community as demonstrated by the number of presentations at Black Hat. The issue is really separating the real issues from the hype. The first and most important point is that the control systems used in almost all industries were designed for reliability and safety and do that very well. They have reliability numbers of far greater than 99% and operate for as many as 10-15 years. They were not designed to be secure and therefore aren't. That should not be a surprise but apparently it is.