@Velv - Architecture should rather scream
when some techie suggests to enable VNC on an Internet accessible (direct or through a firewall) interface of a PC/server running some industrial control software. That guy should be escorted to the nearest exit door and made sure he will never get close to a computer again for the rest of his life, except maybe for his own home PC.
This is the real failure here, allowing direct access from Internet to these systems. We're in 2014 by now and there is no excuse or justification for this kind of setup.
Question to CxOs, IT managers and any PHBs in the concerned organizations: why are you paying these imbeciles ?
Question to IT security managers: are you not feeling a little incompetent for not spotting/acting on this chain of failures ?