But what do you do if the control system itself is susceptible to virii? I've seen 'isolated' networks of MS Windows systems become infected when a technician plugs an infected laptop into the subnet to update software or perform some monitoring activity.
What with the desire to have people telecommute or have maintenance done remotely, interconnected networks are going to become more and more the norm. And then there's the boss who will insist on being able to log in from his/her home system at any time just to 'check up on things'. Using the same system that the kids have installed every conceivable piece of suspect software, of course.