My son works for Dominion Electric in the burbs of Wash DC. Without divulging too much we discuss the need for securing all aspects of the energy infrastructure. This sector is way behind in their security implementations and possibly policies.
Completely right and thats the result of connecting the OT infra to the IT infra.
OT was never designed to be connected to the Internet.
Visibility is the first item to get control. You can't manage what you don't know.
Well, I can go on like that and fill pages with next steps.
If you are interested we can help here, send me a PM if you like to discuss.