Do a gargoyle search of FERC, NERC, and Homeland Security. Spend a little time looking at the public offerings on post-9/11 utility plant security. The old stereotype of the nightwatchman asleep in his guard-shack is quaint but inaccurate. Likewise the picture of someone playing on Facebook from a workstation that also controls vital subsystems for any utility borders on the ludicrous.
If you are knowledgeable about the networks most companies use you are familiar with concepts such as firewalls, web-based content filters, proxies, and - in Windows-based networks - group policies (to name a few). All these appliances and systems work to limit access to sensitive systems. The thing about utilities, security companies, financial corporations, etc is that with most of them the computers that control their vital core infrastructure systems aren't even connected to their corporate network much less the Internet. They are on private networks, physically isolated from email systems and web traffic. The only way to hack them is to breach physical plant security (often multiple layers) sit down at a terminal and then breach hardened network security.
So let's put on our James Bond jacket, take a draw on our vodka martini (shaken, not stirred) and imagine we're about to conduct a little industrial sabotage. We've mapped out the physical location of this high-value target - a water plant. We pole vaulted the chain-link fence, transversed two or three hundred yards of CCTV monitored ground, breached a number of doors in order to gain access to a control room where we've identified the workstation that hosts the control set - no doubt from the large lettered sign that says "Plant Control Computer" - and "hacked" our way into it, likely using the password "password" to gain entry.
Now we are in position to wreak some serious havoc, so what do we do? We reprogram a pump to cycle until it goes tits up. Brilliant.
I'm not saying it can't happen. I'm saying that the probability of it happening is roughly on the order of Øbozo suddenly getting some humility.
...just sayin