[samuellb]

These kinds of attacks are already happening. It has actually happened in the apartment area where I live:

We have a hot water central heating system that distributes heat to the apartments buildings. To improve efficiency, this system was upgraded with "weather forecast" functionality. The supplier stated that this system would not work behind NAT or a firewall, and required a public IP address, so it was connected directly to the ISP's switch.

A couple of years later, in the summer, the system got cracked and the heating system was turned on and the system temperature was increased to the maximum. Because all radiators have (analog) thermostats on them, it didn't affect the indoor temperature, and it took a week until it was noticed.

If nobody had noticed, it would have resulted in a huge district heating bill. And if done on large scale, I guess it could overload or underload power plants (if using electric heating). So I disagree that there are little incentives (to bad guys) to crack heating systems.