the system they broke into (public-facing not-so-important stuff) is, as far as I can tell from the article, linked to control systems as well. Probably on different subnets with firewalling, other user credentials et cetera, but if they're connected they can be broken into.SCADA
is the kind of stuff used to control power grids, railway stuff, etc. Used to run on physically separate networks with dedicated access terminals, but since that was a bother, some of them are now routed across the internet (SCADA protocol encapsulated in IP packets). And some of the still physical separate systems are accessed through client applications on normal workstations that are internet-connected, which means if you break into one of those boxes, you can use it as a gateway to the SCADA grid.
So theoretically you might be able to shut down power plants, mess with railway traffic, etc. And iirc some security consultants have already demonstrated that they could
mix a little hacking and social engineering, and access a power grid control remotely...