Fundamentally? A power plant exploding or dam collapsing would kill way more people and cost far more in property damage than a single FedEx airplane with two crew being shot down.
Those all (currently) require a lot more than stealing a key from M$. Maybe stuxnet would be a better example for your point? Those uranium centrifuges Iran had were very expensive.
I have no idea how you would get a dam to collapse with only a laptop and a network connection. As for the power plant, the operators would have to be blind and deaf to let a plant get destroyed.
The real threat is a cascading power grid failure due to undersupply, e.g. coordinated forced plant shutdowns. A few days without electricity at a large scale means reduced availability of medical and emergency services, no running water, failing refrigeration, no stoves/ovens for cooking for most of the population, no working gas pumps, no electronic payment, no banking (no way to get cash) etc.
>I have no idea how you would get a dam to collapse with only a laptop and a network connection.
In a world where Stuxnet took out uranium centrifuges, and we've had actual PoC's of exploits that resulted in generators fragging themselves, I find your statement to be of the most shocking form of naivete I've heard in a while.
And in point of fact, the network connection would probably be for disabling alarms and control systems in order to mask work done to weaken the integrity of the structure itself. Physical and digital is inextricably linked.
A decently powerful generator is a massive machine. There is simply no way that it can destroy itself without causing abnormal behavior that will be noticed by on site personnel - noise, vibrations etc.
Key: "It seems they were used to the high levels of vibration" - Diane Vaughan wrote an important book that introduced the term "normalisation of deviance" as a factor in the Challenger Launch Decision, a more famous complex accident.
