An online connected system is much more at risk than one needing an inside manual hand. it's why air-gap networks exist.
Mission critical should be air-gapped so that the risks can be reduced.
Updates are only applied after scanning and deployment in test systems, period.
Are you going to stop everything? of course not, but you'll stop a damned lot more than with internet connected mission critical computers.