In May 2019, the IEC published a guide to combining cybersecurity and safety for industrial automation and control systems (IACS), IEC TR 63069.I consider critically two main concepts in the guide: an overly-strong notion of “Security Environment” (SE), and an accompanying incomplete type of security-risk analysis called “threat-risk assessment 'security'” [sic]. A simple example from experience illustrates the weaknesses.