Last self-repetition, honest. Please RTF Analysis
"he was totally staggered that anyone would attach their SCADA to any network which could be connected to the outside world in any way"
The (allegedly) affected SCADA systems were not connected to the outside world in any way.
"or allow anyone to attach external media to the systems."
No one attached external media to the SCADA systems.
"He also said that this is SCADA lesson one."
Indeed it is. Which is why Stuxnet was coded in order to jump over these limitations.
Clearly none of the commentards can be arsed to RTFM, so in summary:
Stuxnet arrives at your plant on a USB drive (say). It then compromises machines and spreads through your internal net via a combination of tricky exploits. It also continues to infect USB (or other removable media).
At some point, someone takes a USB drive across the air gap that separates the internal net from the PLC development boxes and plugs it into the machine used for PLC software development; it spots the WinCC PLC development environment and trojans the fuck out of it, enabling it to drop its payload of malicious PLC code into any PLC projects that come along.
At some point further along, someone takes this developed PLC code on (say) a USB stick, and crosses another air gap to the machine that is used to program the code onto the PLC. At which point, Stuxnet trojans the fuck out of the PLC programming software as well.
Now, at this point, when you take your PLC out of your SCADA gubbins to modify the process code on it, another air gap because no one attaches SCADA to anything, it rewrites the code on the PLC, only you can't see it, because Stuxnet has trojaned the fuck out of the programming software, and it is now lying to you.
Then you put the PLC back across the air gap and start up your plant. Then your plant go boom.
Stuxnet was specifically designed to work around the fact that no one is dumb enough to connect SCADA kit to external networks, and to exploit the - now thoroughly debunked - belief that this is sufficient to protect them from remote malfeasance.
Now can we all please stop with the "shouldn't connect SCADA to teh internets" cockwaffle?