Name the top reason security should be implemented in the industrial automation environment
I believe the most important reason industrial control systems (ICS, SCADA, et al) should be well and appropriately secured regards the potential risk to public safety they present. Improperly or insufficiently protected systems could be made to malfunction in ways that create real and significant dangers to populations near or affected by them. This includes petro-chem of course, but also power, water purification and management, and waste management, to name a few. This risk is greater in overall danger potential and impact than is the attendant loss of the business asset and its revenue and the costs assocaited with its recovery/replacement, as inconvenient as that would be.
IMPACT - is single word answer. Yes impact of any lack of IT security control can lead to risks and damage. This damage or impact need to be measured to know it's handling and mitigation policy.
IoT/Network 4/M2M world consists of enterprise wide integration and thus, proper IT security controls need to be in place. For E.g. BMS (Building Management System) login was by attackers to enter into retailer's checkout POS setup to theft customer data.
Impact of lack of IT security controls need to be accessed using proper IT security framework such as ISO27001, PCI DSS ( if it involves card related operations), corrective and preventaive actions are needed just similar to the enterprise IT security practices.
Please do drop a line with your views and other critical factors.
Generally it is a mix of all the above. Impact may result in events pertaining to public safety, environmental crisis or closure of the large-size entity of public interest.
For a specific entity, the most important reason to invest in the security depends on the current state of internal controls environment and operating environment. A large petro-chemical plant operating in the middle-east has different security requirements from an engineering giant based in western Europe.