I'll never accuse old Windows of being bulletproof, but I've gotten some considerable reliability out of old appliances by adding SSDs, a passively cooled chassis, and a weekly reboot scheduled task. Basically, just get rid of the moving parts and plan for state drift.
Old OT is actually pretty easy to take care of aside from sourcing replacements for some secret sauce PCI card that is no longer made. New OT blurs the line with IT in a really difficult way however, you can no longer rely on a dead simple airgap to solve your security concerns because everything and its mother wants to be on the internet.
You can not just rely on air gapped either. You have other avenues for attack as well. I actually virtualize most of my legacy OSes when possible. Just maintaining adequate serial connections when a USB to serial connector will not work with your legacy OS and a VM can't maintain a stable serial connection through the host OS. It's been a nightmare.
Old OT is actually pretty easy to take care of aside from sourcing replacements for some secret sauce PCI card that is no longer made. New OT blurs the line with IT in a really difficult way however, you can no longer rely on a dead simple airgap to solve your security concerns because everything and its mother wants to be on the internet.