An architecture was recently proposed to protect the power grid, in the context of a European project. The design of the architecture, guided by an analysis of the evolution of critical information infrastructures, tried to be as generic as possible, with a view of possibly serving as a reference cyber architecture for process control infrastructures. The need for a new architecture is explained by the fact that cyber architectures for process control, despite being basically physical processes controlled by computers interconnected by networks, exhibit a potentially huge cost of failure in socio-economic terms, thus bringing extremely demanding requirements, which have not been previously found together in a same class of computer-based systems. In this paper we wish to report the lessons learned in the development, analysis and evaluation of the proposed cyber architecture for process control. © 2009 IEEE.