Industrial control system (ICS) equipment benefits from security by obscurity and complexity. The protocols are so unique and require so much effort to master that nobody but a motivated nation-state is going to spend the time and money figuring out how to attack them.
Plug these systems into a modern IT cloud infrastructure and all of a sudden the gamut of “traditional” attacks can now affect ICS/operational technology (OT) systems, including taking advantage of wormable, unpatched IT vulnerabilities.