"things have been going wrong from the outset when architects have designed systems where all critical plants are on their own network."
No, Where things start going wrong is that these systems get connected to the internet. That's what should not happen.
"The failures come where it is assumed that a firewall is good enough. This is a problem because firewall rules are source- and destination-based and if the attacker or meddler is coming from an allowed source and bouncing off destination systems, then the firewall is useless."
Unless, of course, you're using a real firewall that is capable of doing DPI, connection tracking, etc. If your firewall is solely source and destination based, then you need a better firewall.