Hackers, cyber criminals, state-sponsored hackers and other bad actors can hit any industrial system without specific knowledge. A search engine like Shodan, a specific exploit easily available on an underground forum and an anonymizing tool to avoid detection could be sufficient to compromise a system in a critical infrastructure. In 2013 ICS-CERT received 181 vulnerability reports from researchers and ICS vendors, 177 were true vulnerabilities, 87 percent were exploitable remotely while the other 13 percent required local access to exploit the flaws.”]
Source: http://securityaffairs.co/wordpress/25587/security/ics-cert-warns-rise-attacks-online-ics.html