April 2011, CPNI (UK) and DHS (US) published “Cyber Security Assessments of Industrial Control Systems – A Good Practice Guide” (http://www.cpni.gov.uk/documents/publications/2011/2011apr28-infosec-cyber_security_assessments_of_ics_gpg.pdf). The document is a comprehensive guide for performing penetration testing of ICSs. This implies that performing a penetration test constitutes a comprehensive cyber security assessment. This may be true in the IT space, but it certainly is not in the ICS space.