The focus of many information security methods are on office automation: protecting vulnerable data. When working in embedded software environments, the focus changes significantly to availability, and also the counter-measures against threats change dramatically. A major issue is that security will become an “IT problem” that industrial automation continues to ignore. In this presentation, the problem will be presented, as well as directions to embed security measures into the organisation.