I don't have much to add here, but I've been going to Def Con and the other Las Vegas security conferences for a few years. Every year there is a section for infrastructure security (factories, refineries, etc.). It's always the smallest section and the least populated. But it's simultaneously the "most important" in terms of how much damage can be done from a single attack. Every year I went and was always terrified by all the stuff I saw because all the people hosting booths were like "yeah, it's dead simple to get in and break things." I feel like so many people could see this coming and there are just no consequences for the companies to incentivize them to do better.
In 50 years I hope to find out it was pulled off by the infrastructure teams who have been arguing for more security all along and that they did some good with the money.
Completely agree. If interested, check out the documentary Zero Days. Insane, essentially the NSA in tandem with Israel took down Iran's nuclear program by impacting their industrial control units. Many Zero Days were used with nearly an unlimited budget.