Compare both articles and discuss the challenges of developing and implementing a risk-based Supervisory Control and Data Acquisition (SCADA) cyber security program. What alternative methods of assessing risk should be included in such a program? What vulnerabilities still exist? Is the vulnerability market approach, as described by Panton, et al., a viable alternative? Why or why not?