Here's a sample from the overview:
- On paper responsibilities don’t align with day-to-day activities. Over the past several years, industrial automation professionals have seen their responsibility broaden from managing operations to managing security and, in some instances, managing compliance. However, there is a clear gap between the time these individuals commit to each requirement, regardless of whether they own a high degree of responsibility
- Similar management requirements exist across security, compliance and operations functions. In other words, actions and activities necessary to support a security program may be strikingly similar to what’s required for compliance management and operational management within critical infrastructure
- Infrastructure operators are constrained in their ability to manage these overlapping requirements. This is particularly true when it comes to managing multi-vendor environments with assets from a mix of industrial automation suppliers
Recommend you read the full report ... it's a brisk read at <10 pages.