Seems to me we have to take these devices off the Internet without further delay. Either that or use iron-clad authentication protocols.
The use of cryptographic certificates for control of devices would probably solve this problem at reasonable cost.
D
I would hope that any really critical control networks were never connected to "the internet" in the first place! Sheesh. Would they actually put something like the control valves to a nuke plant or a dam on outside access where hackers could snoop in the first place? Not likely IMHO.