Author here: I think another takeaway from this story (besides the importance of supply chain security management) is how crucial a defensive computer security architecture is. In a nuclear facility, the only thing that could have prevented these attacks are network segregation, password policies and similar measures.

By the way, IAEA has great guidance [1] on how to manage computer security in nuclear facilities. If you are interested, I encourage you to read it (or ask me about it).

[1] https://www-ns.iaea.org/downloads/security/security-series-d...