Most of these things can be taken to at least a semi manual mode of operation (It might require more people out on the floor manually tweaking things) but I suspect that most of these systems are actually simple enough on a local level that a good tech team with screwdrivers and set of schematics can fairly quickly get the PLCs out of circuit and some switches and pots and meters wired in (Most systems have switches on things like pumps and switchgear labelled along the lines of auto-off-manual already), worst case a laptop, a can card and use canoe or canalyser to talk to the valves and inverters directly.
Doing this does of course then depend upon having enough process engineers who really understand the plant to be able to run it with a board full of switches (and few if any interlocks) rather then letting the computer handle the details, this is probably the real issue as keeping such people on staff is expensive and is the reason you went heavily computerised in the first place. Getting management signoff could also be a problem, boards with billion pound assets like to hire consultants before letting the local on site guy fiddle with the flow rates and heat levels on the refinery heavy oil cracker without any interlocks.
There are of course systems that need the computer support, but even things like power stations (yes, even the nuclear ones) actually do not strictly need it, for all that bringing a set on line without it may require getting some people out of retirement to demonstrate the trick to it, and running without the computers would probably require emergency permission to violate all sorts of regs.
Damaging? Of course.
Disaster? Only if you cannot find the people who can deal with the loss of PLC support or if the attack causes the PLCs to damage the plant before the humans can step in.
The other major issue here is that while the scada controls may be more or less homogenous (Lots off Simens stuff out there) the systems they are controlling are anything but so a broad attack would probably be able to take the automation off line or change set points at random, but you could not easily write an attack to say cause the grid frequency to try to rise to 400hz, because there are far too many variations in the physical connections between the PLCs and the rest of the plants out there.
The scary thought is that it is not an attack on the SCADA running the pumps and power that would be really damaging so much as one of the machines running say the stock exchanges, repairs to some damaged pipes, boilers and transformers might take a few years and cost a few billion, repairs to the confidence in the financial system after some banker has diddled the risk models to ignore the sub prime lending risks.......
Regards, Dan.