Despite Stuxnet, Duqu, control system flaws still overlooked

20.10.2011

"There are vulnerabilities in all components but HMI [flaws] are the easiest for researchers to get their hands on," Peterson said.

While addressing such flaws is vital, it is equally important to address flaws in the control systems themselves, said Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat. "These are the flaws that can cause things to go boom at night."

"If you haven't protected HMIs, shame on you," Weiss said. But the bigger threats really are the control system flaws that allow attackers to send commands that cause physical equipment to shut down, overheat or blow up, he added.

Stuxnet showed how programmable logic controllers could be overwritten to send commands that caused equipment to fail, he said. Despite that warning, little has changed. "Prior to Stuxnet there were zero programs for securing PLCs. To this day there are no programs for securing PLCs," Weiss said.

A lot of the problems have to do with insecure design, Peterson said.