It's true that any system can be penetrated from the outside, but you have to defend those systems. You don't want to make life easy for the attackers. Again, it's risk management. You want to make the penetration of your critical infrastructure as hard as possible. You can never be 100% secure, but you can get as close as possible.
On February 20th, 2019. See this statement in context.