"But you shouldn't rely on IT's -- you need your own," said Knapp about how engineers operating ICS networks need to tailor network security design to meet the unique needs they have. Often, there are older systems used in round-the-clock operation that simply can't face disruptions since critical industrial processes are at stake.

In a separate session today, security analyst Jonathan Pollet with firm Red Tiger Security, which focuses on industrial control systems, delivered a withering assessment of the current state of security in ICS.

ICS security lags five to 10 years behind what's commonplace in business IT systems today, Pollet said. That's even though these industrial control system networks look more and more like business IT because they're running equipment, and Active Directory and file and print services, said Pollet.

Pollet said he and his associates will walk into any variety of plants and manufacturers as consultants to do security assessments, and what they see can be astonishing in terms of security weaknesses. He says the latest security blunder involves plugging into operator consoles, which can bridge the control systems to the Internet. "We ask them why they're doing this, and they say, 'We're trying to get some more juice.'"

Pollet noted that stealthy attacks to compromise networks are on the rise, such as those against the gas pipeline industry announced by DHS this week, which he said isn't a rare phenomenon. Social networks are also a place where social-engineering ploys can be used to gain information that shouldn't really be publicly shared.