Totally impenetrable physical security doesn't exist, but totally impenetrable electronic security most certainly does. It's quite simple to make something completely immune to hacker attacks over the internet: disconnect it from the internet!
Which was exactly my instant reaction when I saw the story. The real problem, as mentioned by Congressman Langevin, is that most of the power providers are small private operators that swim in murky waters. They like the "convenience" of having their billing systems, control systems, and the secretary's network resources all on the same network ("easy to administer with one sysadmin", I suppose), and "just put a firewall" to protect the key systems.
Profit is everything when the profits tend to be razor-thin. It's the middlemen that make most of the money, not the producers.
Of course, our defense infrastructure isn't immune to this, either. The easiest "break-ins" are apparently by just leaving around USB keys in the parking lot, and depending on unsuspecting and greedy people picking them up and sticking it into their laptops or desktops to see what's on it (and whether they can nab it for themselves..)