Hmm
Funny thing - we were just told a few weeks ago by our Cyber-insurance carrier that we need to protect our Industrial network from our "office" network. The Industrial net needs to be completely and securely isolated from the rest of the network, and preferably from the Internet as well. Isolation from the local net isn't easy, since the PLCs need to send a sizeable stream of data to the SQL servers over in the office network.
Judging from this story, that may be holding the tiger by the wrong end. That, or it's a subtle push to move our SQL servers (or maybe ALL of our servers) out to "the cloud".