In the issue 3/2014 of the German SPS-Magazine, Peter Panholzer of Limes Security published an article on the importance of ICS operators including security requirements already during procurement.
The article details why security is a must-include during any procurement activities on the way to being able to operate ICS systems securely.
The message is rather simple: If operators procure components that lack basic security functions and have low resilience on their protocol stacks, it will be rather difficult and costly to compensate this.
Furthermore, the article also details what information operators should request from their suppliers.
The full article (German only) can be found here.