The problem is that even if you wanted to build a "secure" industrial system...
... the industry will throw their spanner in the works. Essentially you will get industrial systems which can only be controlled by OPC (OLE for Process Control) or, if you are lucky, OPC-UA, its cousin which drops DCOM for SOAP.
Seriously, there is no way any of those companies is ever going to correctly implement those systems. There is no way you can run those systems without them having huge attack surfaces.
What we'd need would be regulations limiting the maximum complexity of those systems. The simpler they are the easier they are to understand and that gives people a chance at securing them.