Thanks to the folks at InsideCybersecurity.com (subscription required) for pointing me at an ICS security best practices survey being conducted by the market research firm ARC Advisory Group. The relatively short survey looks at the actual general security practices that are in use at actual facilities. According to the ARC introduction to the survey they are trying to address the problem of facilities being reluctant to spend money on ICS security measures because of the lack of knowledge about what their peers are doing.
It looks like a worthwhile survey and I would recommend taking the ten minutes it takes to complete. That way you can get the free summary report about the results of the survey.