For more direct advice:
1) discrete network firewalled, ideally air gapped, from the "corporate" or normal network. This is a single function network.
2) strict controls on media usage as well as protocols on how to use
3) strict config management and change control
4) physical protections to "local" and "remote" systems (RTUs, PLCs, and IEDs (note: IED = intelligent electrical device), you really don't want to build a secure control room and then get back hacked from a field device!)
To actually learn more, Idaho National Labs has the National SCADA Test Bed Program (http://www.inl.gov/scada/) and they also have control system security workshops/training programs. Their Advanced SCADA Security Training is pretty eye opening, and that's coming from the perspective of an IT security guy. Your normal operators and operational engineers will likely be blown away by it.
Like I mentioned, coming from the electric sector, I know what your facing (technical as well as cultural issues) and feel you pain. Good luck, and know you are not alone out there... just a minority!
I've noticed several design suggestions in your code.