
Comment Re:large systems (Score 1) 53

Most companies will outsource a lot of their configuration changes to other parties such as the control system vendor. It's not practical to have everyone travel to a site just to make a small change. Our company does similar setups to the grandparent post with all the layers of security as well. We do allow full control over VPN, BUT we do go through 4 layers, 2-factor authentication, firewalls, 3 different sets of credentials, etc. Some safety-critical items cannot be done by one person but require 2 separate accounts to make the changes and download them to the control system. However, yes, you have to do your due diligence and the most vulnerable systems (think NT4.0 and Win XP) should be nowhere that can reach the outside world without many layers of security.

Comment Re:Don't stop here. (Score 1) 53

I tend to disagree. I've been in the process control industry for close to 20 years. As a control system vendor, it would be impossible to do my job for most customers without remote access to systems. Most customers cannot maintain or make changes to their own control systems. However, it has to be set up securely. 3 or 4 different levels of machines and networks you have to traverse through, restrictive firewalls each step of the way, multiple sets of credentials, 2-factor authentication, and finally some things are set up where two different people have to be involved in the change. For example, only some people have the privilege to change the code and others can actually download that code to the running plant. All of those items greatly minimize the risk and make it possible to work remotely, which is required in 2021. An ancient Windows XP machine running TeamViewer? Yeah, that's just pure idiocy.

Comment Re:Who is charged for not changing password? (Score 1) 53

As someone who regularly logs in all over the country and makes changes to these types of systems on a daily basis, your idea is impractical and sounds ignorant. Most of the customers I deal with do not have the expertise to make changes to their own SCADA or DCS system and they rely upon vendors like me to maintain and make changes to them. We do that through the internet quite often. However, the key is layers of security. For most of the stuff I do, I go through 3-4 different layers to get to the end system, usually with multiple sets of credentials and 2-factor authentication. In addition, even some things in the end system are set up to require multiple different users to make certain changes, especially when safety systems are involved. No one person has all the keys to the kingdom in certain applications.
