Re: Infection Vectors
I like most of your writeup but...
"The PLCs themselves don't get a virus, they just get altered programs downloaded to them from an infected PC. "
Maybe not a PLC virus, but perhaps a PLC rootkit? I'm choosing that name because the unauthorised PLC program modifications attempt to hide themselves from a PLC programmer looking at the infected PLC?. A few of the Stuxnet references mention rootkits, but among the good writeups there are masses of dross.
Don't rely solely on the writeups sourced from outfits like Symantec. Ralph Langner had a lot more clue about the PLC side of things than Symantec ever could.
for an interesting writeup, though unlike some of Langner's other writings, it doesn't use the word "rootkit".
There's a TEDtalk too, but if I remember rightly it's light on technical content. There's plenty of technical content on the blog on his company's website.