This report actually says that, with a few exceptions, the grid is protected in the way that federal regulations require. It then goes on to say that federal regulations are not strict enough. It comes up with "tens of thousands of attacks" where everyone who knows what this is about will know that these are a few standard port scans. If you count every packet as a single attack, you'll get into big numbers easily. It claims destruction of tens of thousands of hard drives at an Arab oil company, while in truth, these drives weren't damaged, but their contents were wiped or changed due to a large-scale virus infection. The company had good backups in place and as far as is publicly known, no significant amount of relevant data was lost. The entire attack did cost a lot of money, but nothing vitally critical was damaged and the company is still in business today. I'm not sure, but I doubt the attack even hindered them pumping or selling a single gallon of oil.
The biggest actual threat the report can come up with is physical damage to large distribution station transformers. To damage these, physical action, not cyber, will have to be taken. This is out of scope of the research and should have been kept out of the report.
There are many good recommendations in the report that will improve resilience and resistance against cyber attacks on the US national power grid. However, the tone and exaggeration of the report will make it hard for professionals to take it seriously and for politicians to "do the right thing" and get the things in place to make the recommendations become true.
Whether or not the information is encrypted is not important in this case. It may be to you, but it's not to the party you are dealing with. The big deal is that you can be reasonably assured that you are in fact dealing with that party and not someone posing as them, or someone intercepting the communications between you and them. HTTPS will always sign each data transmission, making it virtually impossible to alter the data under way or to have someone else impersonate you.
HTTPS is seldom about privacy, especially with all the monitoring, tracking and statistics going on. Try visiting the web without Google or Facebook getting cookies and tracking data on you, regardless of whether you are visiting a site that uses HTTPS or HTTP. You can, but you'll have to go to great lengths to do so.
The data being sent back to you goes to an e-mail provider you trust. If you don't trust them, you wouldn't be using them. The information you gave to the website is something that isn't so sensitive that you wouldn't want "strangers" to have it. If it was, you wouldn't be handing it over to some web site. Yes, your address is in there. Very annoying that over a thousand companies and government departments (on average) have you on file. However, it's trivial to find out where people live, usually, so it's not a very big secret. The most annoying thing to me is the spam they keep mailing you even though you clearly indicated you were not interested in that. Sure, it could be handled a bit more securely than this, but in the end, you are responsible for the amount of personal data you are putting online and you know in advance that once you put it there, certain things are probably going to happen with it. If you only want to deal with companies that will default to sending you GPG encrypted e-mail, you'll not be shopping online a lot for the foreseeable future.