I don't think you confused the issue there at all, but forced a clarification of boundaries. The safety critical PLC industrial controller network should be isolated from the Net, however, even with the pipeline hack, the shutdown of the PLC network was due to compromise of billing systems, which are non-safety critical to the immediate user population (administration) but mission critical to the architecture of the western, market-mediated economic activity. You can't secure those systems perfectly, though we can definitely do better. The correct response, however, in this case is effective deterrence of those looking to engage in cyber offensives. Like it or not, when you can sit back outside the reach of effective enforcement measures, and cause mayhem and havoc, and make a buck doing it financial incentivization mechanisms pretty much ensure it will happen.
I just hope we don't take it too far. Many young and talented people in the CS and IT space cut their teeth testing the limits of legitimate access without pushing into the full on destructive regime these attackers have.
I'd hate to see things cracked down on so hard we lose a good signal for talent because we decide that the integrity of cyber systems must be defended at all costs. However, there needs to be a much more pronounced reaction to the types ofor blatantly malicious activity that has been escalating for the past decade or so.
The point is, failing to secure those general use computers has bad consequences.