Re: Not a big deal, as industrial security is almost non-existent anyway.
The big deal as you say is connecting to the internet. I can understand not using passwords and encryption if you have your own ISOLATED network not connected to anything else. If they are close enough to plug in then you have many other problems. The problem comes when the boss wants to connect so he can check on the factory, or the chief engineer want's to be able to reprogram from home without have to get dressed and come in when the off shift calls. Once you hit that point you are trusting every other user on the internet to respect your system. Simply put, that is not going to happen. You need the VPN, strong passwords and encryption. If the software is designed with good security built in then you have defense in depth.