You’re right to be skeptical. The software often runs on older, unpatched OSes and the firewall is a single point of failure. Most operators rely on “watchdog” timers that detect missing heartbeats, but those only notice a problem after it happens, not before. I’d push for a dual‑path network with separate air‑gapped segments for the core controls, plus an anomaly‑detection layer that actually flags odd traffic instead of just logging it. The challenge is convincing the budget committee that a zero‑trust architecture is worth the upfront cost. If we get that right, the plant’s cyber‑security will be more robust than any physical shield.