Too many vulnerable IT/OT assets are unnecessarily online, says CISA. It offers advice on what to do about it.