For more information on SCADAs, their vulnerabilities and exploitations, please see the SCADA tag.
An example article showing American vulnerability to SCADA attacks:
Several attacks have already taken place against regional power plants in Ukraine, resulting in several short-term blackouts in December 2015. It was the first recorded case of power outages being caused by cyber attacks and originated from a type of malware known as BlackEnergy.
It is not clear who was behind the attacks but a military spokesperson stated last week that they were originating from Russia. Another type of malware has since been discovered by investigators looking into the December cyber attacks, although researchers say it is impossible to know how many systems are currently at risk.
“This is the scariest thing—we’re living on a powder keg,” Olech Sych, a consultant to government investigators, told Reuters. “We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected.”
According to Sych, an “air gap” was breached when power plant workers ignored security protocols and connected critical computers to the Internet. This allowed hackers to gain access to the internal network.
“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA [supervisory control and data acquisition] are used and what software controls the industrial facility.”
Full article: Hackers Turn Ukrainian Infrastructure into ‘Powder Keg’ (Newsweek)