I mean, in my line of work Windows Update suddenly running and rebooting means fire risks. I wish I could connect the computer to the network so I could monitor equipment remotely, but it's too much risk. I hope utilities take the same measures. Certainly some work computers are vulnerable to all mess of viruses from not having gotten updates in years.
I agree in spirit, but there's always a balance. And to clarify, I meant "risk" in the "failure analysis" sense. I didn't intend to imply that such risks should go unmanaged. Disconnecting from the internet is part of that risk management, but of course it is multi-layered.
I can't buy an Emerson control system for a small reactor getting reconfigured every other week, and LabView on an un-networked Windows computer is perfectly fine.
I would not use a PC (with any OS) to control a 10 kg reactor though. At least directly. I think it'd be okay to use a PC to coordinate discrete controllers as long as they couldn't change state without a command (i.e. latching valves and the like) and as long as there was a backup safety that didn't have a computer in the loop.
Safeties that do things like shut off furnaces if temperature sensors break or valves that shut off flow if it becomes too high or detect a flame are common, analogous to a fuse on a circuit board. You sure hope not to use them, but they'll suffice for unexpected situations.
But there's definitely a risk that has to be managed, and connecting infrastructure and industrial equipment to the internet is not managing it very well!
