[PeterisP]

Why do you assume that none of those attack vectors should ever be accessible? It's reasonable to assume that the systems need to exchange data with external systems on a daily basis, possibly on a real-time basis.

They most likely need remote monitoring and reporting, they can need data that needs to be periodically inserted from an outside system, they might even need remote real-time control. Any such accessibility is a possible attack vector, and "security at all costs" isn't reasonable - even if the operation is literally priceless, you still need to balance the security risks of malicious attacks versus the increased risks of downtime or faults caused by more difficult/slower monitoring and control due to the security measures you implement; a strict airgap might prevent an attack but be a contributing factor in a non-malicious accident that's just as disastrous.