Anyway, this article can serve as a simple starting point for this topic
The helpful people at UK's National Infrastructure Security Co-ordination Centre NISCC has produced quite some information in this area including best practise documents, architecture and design recommendations, etc.
A good place to get fresh information on embedded systems security, process control systems security, etc. is the SCADA Security Blog hosted by Digital Bond. Not only do they have some nice information, they've also produced a number of tools that might be useful. Cisco's Critical Infrastructure Group (CIAG) is another interesting place with some information.
SANS recently held a webcast on Cyber Attacks Against SCADA and Control Systems. Eric Byer talked about "his" ISID database on published incidents or attacks against process control systems and the sponsor Symantec talked some on their pen tests against process control systems. I have several problems with the ISID database:
data to be usable.
I also have problems with not beeing able to get the research articles they've written on the subject.
I've tried to get some info from Eric and others at BCIT. So far all I've got is bounced mail....
DHS have released a report on the CyberStorm excercise, a large scale excercise with simulated attacks on critical infrastructure components. It describes, among other things, how important it is to get communication (oral, human communication) and trust working between involved parties during a crisis situation. In a context where you have a mix of govermental bodies, commercial entities and other organisations without established and trustworthy channels this might be a major problem. The excercise was done in the US, but I'd say that the conclusion is general and would be apropriate to most contries in the event of an attack against the critical infrastructure.
Other, older, reports and documents of interest include:
INFRASTRUCTURE PROTECTION -DHS Leadership Needed to Enhance Cybersecurity.