Analog is way easier to "hack" than digital. For example, hot wiring a car, etc.
@Weird Tolkienish Figure No.
You can have a valve that has an electronic motor - that's fine. But have an analog override (an actual manual valve).
The valve with the electronic motor can be operated with a servo, but have a switch too.
The servo that operates the electronic motor can be operated by a computer, but have a switch too.
the computer can be operated by a local network, but the computer should be able to do that job air-gapped too.
The local network can be operated by a wider domain, but it should first be able to function air-gapped too.
And so on.
It is called redundancy. And it is important. IT and top brass have a similar mindset, call it a 'god complex' or 'castle mentality'. Central control. It is foolish. The guy running the floor with 25 years of experience sure as hell knows better when to turn that valve than you do.
Distributed and redundant simple systems are, in the end, the easiest to protect. Look at it this way:
You will always have the analog component to protect. That relies upon actual boots-on-the-ground.
Everything bolted onto that physical site on the ground is just another level you have to protect.
So the further the control is from that valve, the more protections are required. And each level has it's own vulnerabilities. And every vulnerability has an exploit. Every one.