There is another alternative
The issue isn't so much the data streaming out of these facilities as the possibility of sending commands into them.
So the 'internet' connection should just be one-way. Just take the data being fed out of the systems and feed it into a web server box via RS232/RS422/something similar. And then cut the Tx line(s) from the webserver to the computer it's monitoring.
Et voila, instant perfect security; it physically cannot be hacked into.
Biting the hand that feeds IT
