I’ve worked in the process control industry, processing fluids and gasses. Think natural gas, nuclear, even food like cranberry juice. These production facilities need to lock down. The plants themselves need to be off-line 110%. Only then can you guarantee the safety of the software running the valves, controls, and sensors.
Very complex software but keeping these production facilities off-line from the internet is a no-brainer.
-SB
I concur. Electric power industry is the same - and for the most part, we keep the operations systems very isolated from the internet and corporate network . I have a feeling that even with all the precautions used (and they are annoyingly cautious), there are weaknesses that can be exploited. External communications paths are one that I would consider, but I'm sure that's on someone's radar too. We have internal communications paths, but some of our comms rely on AT&T, Verizon, Sprint, etc. to get from point A to point B.
Our IT people work to find and contain the weaknesses before the bad guys find and exploit them.