It depends. These industries are considered CI-KR (Critical Infrastructure - Key Resources) and CISA (Cybersecurity and Infrastructure Security Agency - a part of DHS) and PHMSA (Pipelines and Hazardous Materials Administration - a part of DOT) provide guidelines for protecting Supervisory control and data acquisition (SCADA) systems.
In this instance, we'll need to see what the problem actually was - an attack on the admin side or the SCADA side.
It'll probably turn out that they were running an unpatched version of Windows XP...
I didn't know that, but my guess is the admin side.