I used to do industrial controls, so let me give the unfamiliar a little background on these systems.
You have PLC's, (programmable logic controllers) often redundant sets of them for critical systems, that run the code that controls the facility. They are networked together via proprietary data networks with no internet involved. These units do not run windows, or any operating system usually. They have no USB ports, hard drives, or monitors. They are hardened against temperature, dust, and power fluctuations. Once the facility is running properly, the PLC's do everything. No human's need to make any decisions about facility operation.
However, sometimes, humans want to tweak a setpoint or override a safety interlock because they know a sensor is bad, or they want to run a certain automatic operation in manual, because something has changed in their process. For this, they have windows based graphics interfaces with pretty animated pictures of valves and motors and pumps and fans and reactors and pipes and ductwork, all of which change their state based on the status of the actual valve or motor or pump or fan. To do that, these windows based PC's are networked to the PLC's, to query them for state information. So nobody is "running a factory on windows". Think of these as terminals into your webserver. If you lose the terminal the webserver keeps on trucking. Also, just like terminals, you can have as many windows PC's as you want tied into the PLC network, so if you lose a couple, you still have others, in case there's something that you really don't want to lose visibility of.
At no point is this network tied to the internet, for obvious reasons. Usually, the drives are locked out on these systems using physical locks, so only engineering staff can load anything on them. USB is trickier, as I can imagine people hooking up legitimate devices such as sirens and flashing lights and even just speakers for audible alarms, all via USB, which exposes the USB ports to the operators.
Sounds like you haven't been in the industry in a while or we just happen to hit different cross sections. The industrial automation company I worked for bought off the shelf "Industrialized" PCs dropped in a motion controller card and went to town. Their older systems ran QNX(real time unix) with the GUI and all the data right there on the system. Their newer systems were Windows\In time(a real time windows addon) based. So yes there are people using windows to control the system. I have seen systems where there is no air gap between these windows based systems and the Internet. In fact I have remotely logged in to systems in plants via vpn and worked from home.
> dropped in a motion controller card and went to town
Perhaps we were working on systems of a different scale. Most of the facilities I controlled had on the order of 2000 - 5000 I/O points and stretched over several multistory buildings. It sounds like you're doing motion control of a pick and place machine or something similar. That's also fun, especially now that you can do so much with optical recognition.
Yeah we mostly did smaller systems. On bigger jobs we tended to do it as several smaller systems working together. The largest system we ever did was a several hundred I\O points but that was over maybe 20 systems(we did all product movement between machines in the place.)
Thanks. I took a tour of a lumber mill one time that was all automated. It was pretty cool. To be honest, the way these nuke plants are described is less secure than the lumber mill. I really, really hope that's just really terrible reporting.
You have PLC's, (programmable logic controllers) often redundant sets of them for critical systems, that run the code that controls the facility. They are networked together via proprietary data networks with no internet involved. These units do not run windows, or any operating system usually. They have no USB ports, hard drives, or monitors. They are hardened against temperature, dust, and power fluctuations. Once the facility is running properly, the PLC's do everything. No human's need to make any decisions about facility operation.
However, sometimes, humans want to tweak a setpoint or override a safety interlock because they know a sensor is bad, or they want to run a certain automatic operation in manual, because something has changed in their process. For this, they have windows based graphics interfaces with pretty animated pictures of valves and motors and pumps and fans and reactors and pipes and ductwork, all of which change their state based on the status of the actual valve or motor or pump or fan. To do that, these windows based PC's are networked to the PLC's, to query them for state information. So nobody is "running a factory on windows". Think of these as terminals into your webserver. If you lose the terminal the webserver keeps on trucking. Also, just like terminals, you can have as many windows PC's as you want tied into the PLC network, so if you lose a couple, you still have others, in case there's something that you really don't want to lose visibility of.
At no point is this network tied to the internet, for obvious reasons. Usually, the drives are locked out on these systems using physical locks, so only engineering staff can load anything on them. USB is trickier, as I can imagine people hooking up legitimate devices such as sirens and flashing lights and even just speakers for audible alarms, all via USB, which exposes the USB ports to the operators.