Comment Um, no, that's a BAD idea (Score 4, Insightful) 46
The problem is not necessarily with Siemens. Industrial controls in general are not inherently meant to be accessible over large networks. They're designed to run reliably as they are, not with patches and updates. This applies to anything from Siemens/Fanux/Rexroth/Allen-Bradley/Mitsubishi to Cognex cameras to ABB/Fanuc/Kuka robots, or any little bastardized system in between.
Why not? Well, there is a ton of weird, unique software that runs on industrial controllers. They run some really embedded HMI (Human Machine Interface) software on top of, say, XP Embedded, or even NT4 or Win2k or some Linux flavor, or WinCE. If you start throwing out patches to those systems, there is a very very good probability that at some point, the system that you are updating will fail due to the update. Heck, Siemens updates regularly break its own software, much less Windows patches. If you try, and screw things up, you're forced to revert to some old dated backup or Ghost image stored in a filing cabinet on a CD-R or server if you're lucky. If you're not lucky, you call the vendor in to fix your broken system. Hopefully they are competent enough to have a backup from their last visit 6 years ago, and work from there, losing all your work in the meantime. So, you have machine downtime of hours, days, or even weeks if you're not lucky. How much does downtime cost? It depends on how many systems you took down, and the product. Conservatively, anywhere from $5,000 to $1,000,000 per hour.
What to do? You obviously can't push out patches. But, there is a lot of good that comes from monitoring machines, their productivity, uptime, faults, etc, remotely. By taking these systems off of an internal network, you also lose productivity in efficiency losses. So, you're forced to be the High Priest of IT and lock down a network like no other. No outside USB sticks, manufacturing firewalled off from the rest of the plant, and all kinds of restrictions that make users angry. It sucks, but it's possible. Unfortunately, small time manufacturers with their one part time learn-on-the-fly IT guy probably won't do it right. Perhaps this is where the DHS can come in to help, in the name of national security?