What is it: http://www.sandia.gov/scada/history.htm
how it’s vulnerable:
If you read enough of these you can piece together that the SCADA systems don’t have to have a direct connection to the Internet for an attack to occur. Many of the existing utility systems have SCADA systems connected to dial-up modems and/or private radio networks. At least one penetration testing toolkit (Metasploit) contains code which can be used to attack a SCADA host if a dial-up or radio connection has been made.
examples of real SCADA attacks:
Australian hacker exploits ODBC vulnerability to dump millions of gallons of sewage.
Illinois teenager hacks a Caterpillar system to dump 65,000 gallons of oil sludge into Des Plaines river.
During a controlled test, Homeland security uses electronic attack to physically destroy a diesel generator.
Who is working on fixing this: http://www.inl.gov/scada/resources.shtml