There IS cause for concern, but the risk varies greatly from one application to another.
Also, "cyberattack" has many different meanings. Much of it simply could be a traditional physical attack on infrastructure, such as putting an explosive down a utility manhole or blowing up a computer room. How much protection does critical power substations have against being bombed?
Many networks are very vulnerable to viruses. For example, an email virus could cripple everyone's desk top with a flood of emails. That might have nothing to do with an application, but if one's desktop is down, can one still control an application? For critical control points, such control units should be fully isolated except for their dedicated function. Operators shouldn't be emailing their girlfriends or surfing the net from such computers.
Critical applications should not be controlled through the Internet at all. That is way too risky. It's all right for an applicaton to use Internet protocols within itself, but it should be completely isolated from the Internet. That is direct lines between control and the field, with secondary backup lines.
This turned out to be much ado about nothing. The laptop was stolen for itself, not for the data on it. I suspect almost all such thefts are for the physical item, not the data.
(We do need far better controls on protecting information, though.)
In this day and age the existence of sabotage viruses and the like is inexcusable. The sabotage isn't by James Bond type figures climbing down the skylight. A great many people are skilled enough to make viruses, they just choose not to. The Internet should be far more secure. It's like using a bathroom door lock to protect the gold at Fort Knox.
We'll probably need a national or international body to control the Internet and eliminate the numerous weakspots in it, kind of like the way the FCC and intl bodies allocate radio frequencies and telephone signal protocols. This business of hijacking unprotected servers is ridiculous.
Although this is blasphemous to say so, we'll probably need border controls on Internet traffic entering the United States just as there is on physical goods. Or quarentine borders around countries that create malicious viruses, phishing, etc.
I still insist the term "virus" is very misleading. It implies it's something we can't really control very well, like the common cold. But that's false. It's sabotage, not naturally from nature, but specifically created by people. Maybe if the headlines read "ABC BANK HIT BY SABOTAGE, 3RD ATTACK THIS WEEK" people would take notice and demand action.
[public replies, please]