Since defending against social engineering is more training than technical, your people have to learn to recognize when it’s happening.
Individual field devices may be the target of cyber attacks. Getting that deep is a challenge, but attackers have done it.
The first step in creating an effective defense is figuring out where the vulnerabilities are in the system. This is a difficult but necessary process, and it never ends.