I found this article by Galina Antova, former global head of industrial security services at Siemens, very interesting for a number of reasons.

The initial 'commandments' - details of the specific requirements and inherent challenges of applying security to a rigid OT environment - do the best job I've come across of encapsulating the problems we security practitioners encounter when addressing security in these scenarios. Neatly summarised, the few short points cover the nature of ICS-specific threats and the reasons why they aren't straightforward to address.

The two key aspects for me, in both framing the problem and looking to define a framework to help are:

- Full and total visibility. Because an OT environment is both more static than traditional IT and more susceptible to dangerous failures if unapproved changes are made, a natural solution is simply to see more of the behaviour that is occurring. That means full network visibility, including the OT-specific protocols and serial communication, baselining of connectivity and behaviour, non-intrusive detection methods, and testing.

- Related to the first point is the absolute criticality of the networks we're looking to protect. Active pen-testing alone can be enough to disrupt these systems if the attempted access is successful. These environments run day-to-day power generation, water treatment, gas and oil production systems, and other things that we all rely upon. It's natural for the custodians of these systems to place availability and reliability over and above hypothetical (if no breach has occurred) security threats.
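As an added illustration of the passive baselining and non-intrusive detection the first point calls for (example code written here, not from the article or its author): learn which hosts talk to which controllers over which ports and Modbus function codes during a quiet window, then flag anything outside that baseline. The flow records, IP addresses and learning window below are constructed assumptions, and nothing is transmitted to the network.

```python
"""Passive connectivity baselining for an OT network segment (added example)."""
from collections import defaultdict

# Constructed sample flow records (not real traffic), one per observed
# connection, with the Modbus function code seen on port 502 where known.
# Fields: (day, src_ip, dst_ip, dst_port, modbus_fc)
FLOWS = [
    (1, "10.1.1.10", "10.1.2.20", 502, 3),     # HMI reads holding registers
    (1, "10.1.1.10", "10.1.2.21", 502, 3),
    (1, "10.1.1.11", "10.1.2.20", 502, 3),     # historian polling a PLC
    (2, "10.1.1.10", "10.1.2.20", 502, 3),
    (2, "10.1.1.11", "10.1.2.21", 502, 3),
    (3, "10.1.1.10", "10.1.2.20", 502, 3),
    (4, "10.1.1.10", "10.1.2.20", 502, 16),    # write multiple registers: new
    (4, "10.1.3.50", "10.1.2.20", 502, 3),     # unknown host talking to a PLC
    (4, "10.1.1.10", "10.1.2.20", 22, None),   # SSH to a PLC, never seen before
]

# Modbus function codes that change process state rather than read it
MODBUS_WRITE_FCS = {5, 6, 15, 16, 22, 23}

def build_baseline(flows, learn_days):
    """Map (src, dst, port) -> set of function codes seen during learning."""
    baseline = defaultdict(set)
    for day, src, dst, port, fc in flows:
        if day <= learn_days:
            baseline[(src, dst, port)].add(fc)
    return baseline

def detect_deviations(flows, baseline, learn_days):
    """Return alerts for flows after the learning window that deviate."""
    alerts = []
    for day, src, dst, port, fc in flows:
        if day <= learn_days:
            continue
        key = (src, dst, port)
        if key not in baseline:
            alerts.append(("new-connection", src, dst, port, fc))
        elif fc not in baseline[key]:
            kind = "new-write-function" if fc in MODBUS_WRITE_FCS else "new-function"
            alerts.append((kind, src, dst, port, fc))
    return alerts

if __name__ == "__main__":
    base = build_baseline(FLOWS, learn_days=3)
    for alert in detect_deviations(FLOWS, base, learn_days=3):
        print(alert)
```

Writes to a controller from a host that previously only read, and any connection from a host the baseline has never seen, surface as alerts without a single packet being sent to the control network.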

We can all help with these issues. Greater understanding of the problems and a concerted, joint effort to address them, taking in the concerns of both IT and OT professionals, is a first step.