Most of them aren’t or shouldn’t be. The really critical systems are air gapped. This means that they aren’t physically connected to the internet. You need to physically be there to access them.
Edit:
Even air gapped systems need to have things put on them and things taken off them. This is where the vulnerability lies. If you can get malware onto something that’s going to be put onto an air gapped system then you can make it do things. You don’t even need to be there yourself. You can hack one of the systems that they’ll be putting a USB into to transfer data to and from the air gapped system. An IT guy might take some work home with him and you hack his home computer and compromise that and then anything he takes from home to the air gapped system at work is now compromised. And so on.
Latest Answers