ICS security experts shared real-world stories from the field that expose the dangerous gap between written policies and actual practice on plant floors. The incidents include an Iranian-linked threat actor trying to infiltrate a Middle East facility's operational technology systems, a vulnerability scan that accidentally shut down two power plant turbines, and an undocumented federal agency control system running on default credentials that was unknowingly accessible from the public internet. These cautionary tales underscore how assumptions about air-gapping, physical isolation, and operational safety often don't match reality, especially when institutional knowledge leaves with retiring staff or security processes fail to adapt to the unique needs of industrial environments.