I do not think that's true. It obviously took a serious amount of time, money, and testing to implement stuxnet. Double the cost and risk might still be do-able. 10X the cost and risk might not.
The level of defense - in this case an air gap - raised cost and risk. That added back bag job to plant the infection, or a bribed operator to the cost and risk. If the SCADA software ran in a VM as a guest OS, and booted from read-only media, stuxnet might not have taken hold, and the bribed operator might have been discovered by forensics on isolated infected systems.
At some point the cost and/or risk exceeds the value of the target or a reasonable threshold for the chance of success. Even when you have infinite money, you don't have infinite time or infinite risk tolerance.
The level of defense - in this case an air gap - raised cost and risk. That added back bag job to plant the infection, or a bribed operator to the cost and risk. If the SCADA software ran in a VM as a guest OS, and booted from read-only media, stuxnet might not have taken hold, and the bribed operator might have been discovered by forensics on isolated infected systems.
At some point the cost and/or risk exceeds the value of the target or a reasonable threshold for the chance of success. Even when you have infinite money, you don't have infinite time or infinite risk tolerance.