by mcgarnagle 3101 days ago
Okay, then really the comment should be renamed to why is critical infrastructure allowed to be tampered with. Say this infection was brought in via hardware or Bluetooth exploitation or Wi-Fi exploitation. None of those attack vectors should ever be accessible. No human working there should ever be able to "by accident" infect the system.
2 comments

That's nice in theory, but perhaps you have to change the logic of that SIS. Perhaps some parts need to be decommissioned, or added to. A security hot patch is needed or a backup taken.

There are thousands of reasons someone may need to connect to a system.

Why do you assume that none of those attack vectors should ever be accessible? It's reasonable to assume that the systems need to exchange data with external systems on a daily basis, possibly on a real-time basis.

They most likely need remote monitoring and reporting, they can need data that needs to be periodically inserted from an outside system, they might even need remote real-time control. Any such accessibility is a possible attack vector, and "security at all costs" isn't reasonable - even if the operation is literally priceless, you still need to balance the security risks of malicious attacks versus the increased risks of downtime or faults caused by more difficult/slower monitoring and control due to the security measures you implement; a strict airgap might prevent an attack but be a contributing factor in a non-malicious accident that's just as disastrous.