Re: Really bad design
"And you think some two-bit script kiddie can pull that sort of thing off?"
Depends on whether the script kiddie has got access to the local Siemens/Simatic (other vendors are available) supply/support chain (or equivalent if we're not talking PLCs).
Lots of things made Stuxnet what it was, especially what the Stuxnet folks did inside the PLC itself.
On the other hand there are more than enough tried and tested and proven and documented ways of doing bad things in a typical Windows box, even on allegedly secure sites. Stuxnet used a few zero-day exploits, plenty more where they came from, and they're not even always necessary, depending on the poarticular goal.
In the case of Stuxnet, the actual payload (as distinct from the propagation mechanism) stayed passive till it knew it was in the right place, thereby minimising risk of detection, that's not rocket science either.
Causing havoc in general certainly doesn't take "the combined might of USA & Israel determined to do something".