I understand how to secure these systems, but a lot of people don't. There is also a "stick my head in the sand" type of attitude because of the cost and risk of fixing the issue. If you apply a patch to your system and lose two days of production because something broke then that can be a huge cost. Manufacturing tends to be a low margin field so building a lab environment that is close enough to the real production environment is expensive and may still not guarantee that no issues will happen.
Security becomes very difficult on these types of devices and, to my point, just because a device is designed to run for decades at a time doesn't mean that is the an example other industries should follow.
Keep Up with TechRepublic