"PCs in an OT [operational technology] network run sensitive HMI [human-machine interface] and SCADA [supervisory control and data acquisition] applications that cannot get the latest Windows, antivirus and other important updates and will always be vulnerable to malware attacks."
Then access should be limited to intranet only.
edited to add "to"