As someone who works with this stuff all the time, I feel I can say this with some degree of authority: if you connect your SCADA / PLC system DIRECTLY to an internet-connected PC, you should be drawn and quartered / keelhauled for pure stupidity.
I have access to some of my customers' sites remotely; all of them are through secure VPN, then either RDP from the secure connection or, in one case, through Citrix to the computer in question. If their IT dept can't sort out VPN security, that is another issue entirely.
When it comes to industrial gear, stability is #1, #2, #3 and #4 on the list of priorities, and #5 is physical security. Most plants that I have worked at are fenced and require you to go through a gatehouse of some sort before you can enter site. This is not because they are doing some super secret work; it is for liability issues: if some retard sneaks onto the site and gets an arm ripped off because they put their hand in some bit of plant, the fines and paperwork would be hideous.
Most computers on industrial sites will be running unpatched XP SP2, but it is OK because there should not be any internet connection to these machines. USBs should also be limited to trusted ones for backups.
OK, rant over... I could go on...