The question is not whether control systems can or cannot be totally isolated. We're way past
the point where a completely isolated system would work given current economic requirements.
Industrial processes can be geographically distributed. That means MAN or WAN because no
company is going to pay people to go on-site physically to push buttons or read analog dials
anymore (and the MAN/WANs can be built using the same physical infrastructure as public
networks). Likewise, production orders are now issued by computerized processes on the business
layer, not phoned to plant operators, so business network/control network bridging is
mandatory too. Companies that manage a good business layer/control layer integration have a
huge competitive advantage over competitors that fail to do it.
The question today is what the right security interface is between control networks and
business networks. Many organisations have this interface designed by industrial people with
little IT security culture.