It is often debated if, and how often, hackers are going after critical infrastructure like water plants, generators, and such.

MIT Technology Review reports on a security researcher Kyle Wilhoit's exploration of this question. He set up two fake control systems and one real one (just not connected to an actual plant), which he then connected to the Internet.

Over the course of the one month experiment he detected 39 sophisticated attacks against his "honeypot" systems. The attackers did not just penetrate the systems, but also manipulated their settings, which would have had real world impacts had these been real systems.

One must assume that the same is happening to any real Internet accessible industrial control systems.