[joe_the_user]

It would be simpler require critical software to focus on security and quickly shift to secure approaches. I mean, there are was article about how small water districts are short on funds and so choose to allow remote access to water treatment machinery so their engineers can work weekends at home. Imposing regulation that stop such d--- f--- tradeoffs seems obvious. HOWEVER, the paradigm of cost-reduction via breakneck (and so insecure) development and lack of regulation on critical process is very, very entrenched. The proponents of "go fast and break things" would prefer powerful bug finders be treated like demons to be exercised rather than start requiring sane security practices.

[Bender]

Fundamentally I agree with everything you said but I think you also explained in your own response why this will not happen. If they don't have the funds to do it right then it will be done wrong. It's a pattern that never ends and why it's so easy to shut down utilities.