Now also having worked with SCADA systems for a long time. Most are rather poorly done. The software is usually bubblegum and duct tape with a shiny coat of gloss to make it look nice.
I supported several of these devices for about 10 years. Guess how many are supported now? None. They sit out there waiting for someone to exploit them. They will never see another patch. Ever.
But those older SCADA devices were not dependent on being cloud-connected, were they? There are probably a thousand SCADA devices on the network I deal with and they're all internal-only. They don't reach out to the Internet nor can the Internet reach into them. There's no need, so they don't get the option. Even if they are vulnerable to exploitation, the vectors that would allow for exploit are far fewer.
Or are you a one eyed monster
No, that was in the porn...
The first time, it's a KLUDGE! The second, a trick. Later, it's a well-established technique! -- Mike Broido, Intermetrics