A leaft in a plant is infected. Saving the plant should contain and neutralize the infected from spreading to other peers.
Similarly if a computer in a Plant system is compromised, the recovery is to contain, neutralize and rectify it to avoid affecting the neighouring nodes.
On a strategic approach, if the ingress/egress points with external systems including removable media are tightly controlled and the O&M activities are strictly following the administrative controls, the likelihood of being compromised if rare to none; even security patching is not in regular fashion. This is the common practice in industrial automation control systems. However, certain cybersecurity practitioners always believe the same maintenance practice including technical controls as if in IT should be adopted. This will definitely consume unnecessary resource and likely break things causing severe damage to the plant.