Over the past decades, information and communication technologies are more and more integrated into process control system, cyber-security becomes a crucial issue for enterprise information system. This paper first gives a layered view of process control oriented information system. Based on this layered structure, the vulnerabilities of the system is identified. Further study is focused on the monitor layer and the field layer. Through detailed analysis of the latest security case, cyber penetrate trends and attack path are identified. The paper concluded with a multi-stage security task approach for a full security life cycle.