We must also remember that at the core of the critical infrastructure lies the platform; systems developed by industrial goods vendors such as GE, Emerson and Siemens. These companies need to be incented and/or required to build in and provide better security technologies as part of their devices, systems and services so they are not only more robust, but also not subject to the risks faced by enterprise infrastructure.

One thing is for sure, policy, regulations, penalties and fines are not enough; this is the nation's critical infrastructure we are talking about. It's time we stop ignoring the risk that our profit-driven private sector enterprises pose to the critical infrastructure.

Sean Martin is a CISSP and the founder of imsmartin consulting. Contact him at sean@imsmartinc.com.

in Network World's Wide Area Network section.