Got to agree. My experience is that separation of application levels as defined by ISA-99 (Purdue Model for Control Hierarchy - reference ISBN 1-55617-265-6) is widely implemented. This article assumes non of this background. Also all of the research performed by the various Oil and Chemical companies, originally with the framework of the Chemical Industry Data Exchange (CIDX) organisation, that defined an approach to cybersecurity must be considered relevant in this area.