process control is still handled by the PLCs (unaffected by any sort of malware... that I know of) and if something was looking like it was about to go wrong, then the PLC should be set up to deal with it...
The PLCs I'm forced to work with (that happens to be from the same manufacturer that produces the POS that's WinCC[*]) can be networked and, as soon as you connect them to a network, you can control them (as in, modify the program, start them, stop them, the whole lot) remotely.
The communication is not encrypted and it's not password protected[**], so anybody that can obtain access to the network (and that's not very difficult in many factories, especially the very big ones) can control them at will.
[*] and other manufacturers aren't better
[**] there's a password protection, but it's enforced by the programming software, not by the PLC itself. You just have to use your own program, using the reverse engineered communication protocol and you're set.