Good idea, but not as simple as it once was. These critical systems have been "plugged in" to the Internet for so long now that the supporting infrastructure has become reliant upon a remote connection.

Where there may have once been a local control room in an industrial building where a local operator could monitor the plant, there is now a wiring closet where all the terminations are extended to remote connections. The space where the control room had been has been converted to production.

I'm not even sure, if the connections are cut, whether the systems would fail safe. The practice of hiring the bright young newly minted (cheaper) developers and pushing seasoned programmers out to pasture before their time (cost cutting) has resulted in subpar systems for critical infrastructure.

My experience (many years ago) with systems like these was more often with access control and security alarms, but a smattering of ICS and SCADA. None of what I saw could be safely connected beyond the local space under control (i.e. not even connected to the company data network), let alone connected outside the company space.

Getting back to where we were or should have been is not going to be a simple task. We should start right away, ten years ago at least.

The longer we allow it to go on, the worse it will get. Might as well provide a remote connection straight to our adversaries.

