An that attitude is what makes security so difficult. I work with a couple security researchers who have just started looking at Industrial Control systems in the last couple of years. These systems are designed to just work. The problem is that when you find a vulnerability in the system it will probably be there for another 5 to 10 years. How do you secure these systems then? Do you completely isolate them from the internet? Do you have people manually update stats and aggregate data? Just because a system is designed and will work for decades instead of years doesn't mean that it is an exemplary piece of software.
The real issue with these systems is to reduce costs and improve visibility they are being hooked up to corporate networks. This makes them accessible to malicious people that may find some gain from manipulating them. Just ask Iran about their nuclear program.
Keep Up with TechRepublic