If powerplant controls are exposed to the internet, the government should "step in" to waterboard those responsible with battery acid.
I feel like I repeat this at least once per 'cyberwar' thread, but it bears repeating until people start to understand. "Power plants can be attacked via the internet" is not equivalent to "Power plant controls are exposed to the internet". There's plenty of risk to the power infrastructure that comes from systems that can affect power usage being exposed to the internet, even if the power plant isn't exposed to the internet...
The reason that some people give 'cyberwar' more thought than that is that it's not as simple as you make it out to be. I'm a coauthor on a DOE sponsored paper (under security review, so no citation for now) that covers some more subtle aspects of the problem. The electrical grid can be attacked by compromising the control system if that system is internet connected, true. However, if a significant proportion of the electrical load for any one generator can be controlled via the internet, then that generator can be attacked via the internet without requiring any direct internet contact. Case in point, X10, Google, Microsoft, and many other companies are currently looking into home automation and controlling the home's electrical system via the computer. So, what happens the next time there's a runaway MS worm, but instead of just sending spam it gives control of the home automation system to the attacker? Simply by turning the power off in enough houses in an area, an attacker could actually cause physical damage to the power plant.
That's why we can't just dismiss the problem as "unhook the power plants from the internet." In a world that's increasingly hooked to the internet, we can't afford to overlook how the internet-connected components can possibly have an effect on the non-connected components.