There is a discussion on the SCADA/Control System Security Professionals linked-in site concerning how to handle an internal assessment on vulnerabilities in control systems. Stacy Bresler stated he has audited approximately 30 entities as an official NERC CIP auditor and says he has found many more than just 2 utilities who are trying to secure their systems and not just CIP identified cyber assets either. This is inconsistent with discussions with personnel from some of the utilities he has audited.