Control systems for critical infrastructures like national power grids make increasingly use of open technologies and protocols, and the Internet. In this environment, the risk of electronic attacks on these control systems has to be evaluated and mitigated. This paper addresses the key challenges commonly mentioned in the context of control system security (also referred to as "SCADA security") and discusses feasible solutions for most of them. The paper argues that the main obstacle to control system security is not technical, but financial. A couple of exemplary research projects from one automation vendor that aim to reduce the plant owners? cost of security are presented to demonstrate what kind of research will bring control system security forward.