So just another Windows Virus?
The article seems to waffle around to avoid mentioning that this is at its heart just another Windows virus, like the tens (hundreds?) of thousands of other Windows viruses already circulating around. The "industrial" application software running on the targeted Windows PC is the only novelty here.
Software like Cimplicity or WinCC (I'm not familiar with WebAccess) are not even really "control systems". They're Windows programs which are used to monitor the actual control systems, which are proprietary boxes dedicated to running proprietary software and connected to the Windows PC running WinCC (or whatever) via an Ethernet or RS-485 cable to pass the monitoring data back and forth. The software running on the Windows PCs displays a nice graphical view of what is going on, and also usually logs data to a database (typically MS SQL Server).
Let's take the mystery out of all of this. The actual control systems are not getting infected. The viruses are doing the same thing here that they are doing to all the other Windows PCs in the company.
What the viruses can do is to send commands to do things like dial set-point values up and down which might do things like spoil your batch of product. This is what Stuxnet did. More likely, they will snarf up production data so your competitor (who outsourced his industrial espionage to someone in China) is going to know what is in the recipes you use and how much stuff you are making (and presumably selling).
Your production line is not going to blow up from a virus. The reason for this is because the guy who designed it, if he was at all competent, will assume that the Windows PC is going to screw up with or without a virus. Software has bugs. Windows craps itself now and again. You assume this is going to happen so your control **system** is designed with that in mind. Where I live, you won't be allowed to put into production any sort of industrial machine without an engineering report that says you took all this into account.
What the virus can do is cost you money in lost production. The biggest problems are that a) industrial control system designers generally don't know much about Windows and b) industrial software companies want nothing to do with security. To them, that's up to the guys mentioned in point "a", who happen to know everything about servo drives and nothing about Windows.
The solution involves:
a) The HMI and SCADA vendors taking responsibility for providing a complete package, including the OS,
b) The package including repositories for supported third party components (like a Linux distro does), and
c) Standardizing industrial communications protocols instead of the current ludicrous situation where everyone has their own proprietary protocol, but they're all declared to be "standard" (just like every retard gets declared a winner in school) so we get rid of 95% of the security holes which relate to COM/DCOM based OPC (where the standard debugging ritual consists of gradually turning off all the security until things mysteriously start to work).
Everyone in the business knows what the problems are. The people who have their heads screwed on know what the solution is. The problem is that the current dominant vendors are only interested in selling proprietary hardware and are afraid that **any** change at all will disturb their painstakingly constructed vendor lock-in strategies.