Cybersecurity for ICS, SCADA, and IoT is a hard problem that simply requires some critical thinking and creativity. I have spent a considerable amount of time on ICS/SCADA security in the past couple of years, and have learned that while difficult, it is not impossible. We have to remember that there is no “one size fits all solution for ICS, SCADA or IoT in terms of security guidance.
I equate this ICS security challenges somewhat to parenting challenges. While I would like a step by step how-to guide, the circumstances that I face with my kids, each with their own little unique embedded processors (minds), almost always need to be dealt with individually based on the circumstance, their temperament, their processing capability (maturity in various categories), and more. Protecting (securing) their embedded processors and keeping them focused on what is most import (with minimal disruption) cannot be captured in a how-to even if written unique for each kid to cover all possible circumstances with that kid. The how-to would need to be revised before it was complete.