There are plenty of companies where "most of the time it's not broken" is a big problem. Possibly bigger than the cost of a security issue (I don't know, because this is both hypothetical and I'm an outsider to the issues at play).
To not acknowledge that others would value a different part of the risk curve lacks perspective.
I mean, in my line of work Windows Update suddenly running and rebooting means fire risks. I wish I could connect the computer to the network so I could monitor equipment remotely, but it's too much risk. I hope utilities take the same measures. Certainly some work computers are vulnerable to all mess of viruses from not having gotten updates in years.
I agree in spirit, but there's always a balance. And to clarify, I meant "risk" in the "failure analysis" sense. I didn't intend to imply that such risks should go unmanaged. Disconnecting from the internet is part of that risk management, but of course it is multi-layered.
I can't buy an Emerson control system for a small reactor getting reconfigured every other week, and LabView on an un-networked Windows computer is perfectly fine.
I would not use a PC (with any OS) to control a 10 kg reactor though. At least directly. I think it'd be okay to use a PC to coordinate discrete controllers as long as they couldn't change state without a command (i.e. latching valves and the like) and as long as there was a backup safety that didn't have a computer in the loop.
Safeties that do things like shut off furnaces if temperature sensors break or valves that shut off flow if it becomes too high or detect a flame are common, analogous to a fuse on a circuit board. You sure hope not to use them, but they'll suffice for unexpected situations.
But there's definitely a risk that has to be managed, and connecting infrastructure and industrial equipment to the internet is not managing it very well!