[kube-system]

Ironically enough, sometimes it might be other laws that necessitate those systems to be running in order to continue operations. Critical infrastructure is often fairly regulated for other reasons (depending on what it is), and those systems might be used to meet some other compliance/regulatory requirements.

I have found myself working on these kinds of systems professionally, although we were able to air-gap them.

I guess you could say that inability to comply with those other regulations is also a “too bad, you should have thought of it” scenario, but those are not always laws we’d want them to break. (Safety, etc)

And at some level, critical infrastructure is no more of an expert at preventing cybercrime than a shopkeeper is at preventing shoplifting. I do think we need the government to stand up a bit here and help to prevent this crime in the first place.