Event logging is a rarity

Traditional industrial devices usually do not generate log style data for reporting. In ICS and SCADA systems, maintaining history of event transactions is not the norm. The data historians maintain process history, but that's more to keep track of the controller command outputs (such as valve open/shutdown). This is not the event log style history that is needed for device visibility.

Account-related event monitoring is an integral part of IAM. Any malicious or erroneous activity or functional anomalies need to be flagged in a timely manner. This is an area that needs further innovation and hardening.