It's quite a demonstration of a companies incompetence. Critical infrastructure should be expected to hold up against state actors. Never mind some group trying to make a buck.

Guess they got access pretty easily, much like the Florida water plant attack awhile back. The plant was running a remote desktop server (team viewer IIRC) on the machine that also had the software to control the amount of which chemicals were added to the water.