Re: As long as we don't get minimal security standards..
"follow the standard industry advice, keep the control gear on a separate network to the rest of your IT systems."
Do you know how unhelpful (and potentially misleading) this advice actually is?
The "programming panel" (or whatever it's called for any particular vendor) pretty much *has* to connect to the automation network to configure and program the automation devices. Then it goes somewhere else to do something else.
For example, it frequently ends up connected to the corporate LAN for one or other legitimate reason.
It's typically a Windows PC, even if it doesn't look like one.
See any problems with that?
Hint: Stuxnet crossed an air gap. How do you think it did that?
Hint: sneakernet, with the programming panel as the carrier?