Anyway, why are these systems attached to an inherently insecure network?
Simple answer is it's a series of short-sighted management "cost cutting choices" over time. But if you called them on it they would argue that legally they are required to do so as part of "shareholder value"...
Historically you need to study how we got from the original entirely manual systems run by people on site to our current lamentable state of affairs where everything is run by nobody at some far off place often via systems in space with close to zero security.
Basically the problem is a balance between the controlling hand and the controlling mind when seen through the perspective of efficiency. Obviously the most efficient way to control a physical process is to have the hand as close as possible to the point that requires control.
If you look at the railway system in Britain during the Victorian era where the railway crossed a road at the same level (hence UK term of "level crossing") in a village or town there was usually a man who had a cottage and set of signals and a mechanical telegraph directly adjacent to the crossing, whose job was to stop traffic and manually close the crossing gates and operate the signals and telegraph.
Thus the physical controlling hand and mind was on site and required a full support system of home, garden etc.
Many of those crossings are still there today but are fully automated with nobody on site and not even a controlling mind. In most cases just a box of electronics that has replaced the relay ladder logic to control the signal sequencing and gate motors that had replaced the man. As for the cottage and garden it's probably been sold off long long ago.
Oddly perhaps the time when the controlling mind was least present was with the ladder logic. As comms technology has improved we now have the ability to bring the controlling mind back. The reason for doing so being to increase capacity by allowing the safe distance between trains to be substantially reduced and track speeds to be increased.
Thus the most efficient system currently is one of highly centralised mind controlling thousands of hands from great distance. And as the cost of communications drops distance becomes in effect no problem, so moving the controlling mind half way around the globe is now a way to save money simply by going where labour costs are the lowest, which is what we see in the Petro Chem industries.
However there is the proverbial "elephant in the room" of security or lack thereof, and it arises due to legacy issues.
Back when ladder logic was designed nobody designing them envisaged that less than fifty years later communications would be where they are now, nor the technology. The transistor had been invented less than a decade previously and computers were still rarer than hen's teeth and primarily were using relay and thermionic valve technology.
But those ladder logic systems were designed to have minimum service lives of twenty five years and many operated for thirty or more. They were designed for simplicity and reliability. And thereby started the problem, as long as the communications were considered private the overriding design goals were high availability achieved through high reliability and minimum repair/maintenance times. Thus simplicity of protocols etc was an overriding consideration and the only consideration towards security being that against acts of god / nature.
Then twenty years later a major revolution in communications happened, it was called "deregulation"; the cost of communications plummeted, distance metrics quickly became inhibitors to business and the comms market was forced to respond both legally and to new market pressures. A race for the bottom started and one of the first casualties were the very expensive private communications networks...
The switch over was fast and nobody wanted to talk about the elephant of security, even though it was well known that these systems were vulnerable. The god of Mammon had to be served through short term shareholder value, next quarter's figures were the only measures of success.
So cost cutting started in areas like maintenance that short term view dictated it, the only thing of interest in walnut corridor was not preventing failure in the future just mitigating its effect on them if it should happen now or in the future via legal niceties and further they all assumed they would have gone on to bigger and better things anyway... So we got the likes of Enron and blackouts and power shortages they engendered.
In such an environment there was little or no chance that the wide open information security issues would be addressed as at best such activity would not be increasing short term profit even if it was not costing money it was diverting resources from profit making and thus depriving shareholders of their legal rights...
It is only in recent times, where vulnerabilities are painfully obvious and being regularly exploited, that people are now talking about information security in such infrastructure systems.
But guess what, this same problem is occurring in medical technology with the likes of implants and WiFi based bedside equipment relaying back to central nursing systems.
And guess where next?
How about smart metering where home owners will lose control of their home appliances in the name of "being green" rather than the real reason, lack of investment in infrastructure by the infrastructure companies. If some have their way you will only be able to have a fridge, cooker, heating or air conditioning if you cede control to them.
If you think "no way", you will have no choice, you won't legally be able to refuse. We've already seen this sort of behaviour with set top boxes for cable TV and now for radio it's becoming built into your TV with some modern sets requiring network connections to function such that the manufacturer can harvest every channel watched and when...
Welcome to the brave new technological world, where big brother is in every item with your fridge snitching about your liking of unhealthy food to the manufacturer who then sells it on to your insurance company so your premiums will be automatically raised to cover not just the increased risk cost but also the cost of collecting the information and making the information broker extremely wealthy...