“Security should be built in, not bolted on.” True. You’ve heard it. I’ve heard it too. In fact, with the IIoT quickly becoming a reality, this phrase is being repeated so many times that I’m worried about it becoming a cliche that creates a sense of urgency without real potency. But why is security often bolted on to begin with? Will understanding the reasons help us avoid it? I hope so. There are many reasons, ranging from economic ones to regulatory, educational, and technical ones, which I cannot get into in this blog post in detail (see the IISF for additional details).