The Target data breach in 2013 affected 40million credit cards. It was traced back to an onsite HVAC (that was remotely accessible for billing) being on the same network as the rest of the system . The credentials for the HVAC were breached and used to attack the internal computers.
The link below discusses a comprehensive security plan for a building automation system. The connected components are identified and the network and systems are designed for authorized access.
One can see such a plan being useful for a number of sensor/IOT systems – e.g. energy, temperature and and video sensors.