Moreover, if they do exist they should be wholly insulated from the Internet
Systems which are insulated from the Internet rarely get security updates and security reviews often miss them. Yet all it takes is a compromised laptop on the wrong network or a USB stick inserted into the wrong machine, and suddenly the whole "secure" network is up for the taking.
Critical systems should be designed to function despite FSB, Mossad, and the NSA all have having direct access to every LAN. Alas, that is practically impossible to achieve today, industrial systems and management functions do not have the necessary security features to work in such an environment.