There are other types of plants where the consequences would be equally grave - Plexiglas polymerization in the piping would be a Very Bad Thing Indeed, for example. Chemical plants might even go boom.
And it doesn't look like the Security Team were asleep at the switch, either. The plant wasn't exposed to the Internet like a lot of the Power Grid:
The report, issued by Germany’s Federal Office for Information Security (or BSI), indicates the attackers gained access to the steel mill through the plant’s business network, then successively worked their way into production networks to access systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack—sending targeted email that appears to come from a trusted source in order to trick the recipient into opening a malicious attachment or visiting a malicious web site where malware is downloaded to their computer. Once the attackers got a foothold on one system, they were able to explore the company’s networks, eventually compromising a “multitude” of systems, including industrial components on the production network.My feeling is that the future will see the segmenting of networks into "ordinary business users" and "mission critical" with no connections whatsoever between them - exactly like the DoD unclassified and classified networks. While this is no panacea, it makes it much, much more difficult to penetrate, and very likely requires physical access. And a shout out to the retail industry: your Point Of Sale terminals should be separated from the rest of the network in exactly this way to avoid a repeat of the Target credit card breech.