Industrial Control Systems, specifically the older installations, are often deployed as isolated installations, with no access to the external networks including the internet. Most of their security controls revolve around physical security. Today, these ICS networks are getting connected indirectly and true network isolation is becoming uncommon. Initiatives like Digital Transformation leads the business case towards ICS systems integration with business networks. Also, some malware can use extreme tactics to connect the air-gaped networks to the internet.
Attackers controlling an ICS environment can not only destruct the data but also disrupt the production, physical damage and risk the lives of people.