Good questions indeed.
I would expand the list of concern out farther than nuclear power plant
though. Any power plant which had their control system compromised and was
subsequently taken offline could have disastrous effects on the power grid,
whether coal or uranium is the fuel.
This is assuming of course that the reactor protection and emergency core
cooling systems do not depend on network functionality (i.e. disabling
interlocks must happen manually, or at least electronically, but not
remotely via network). If the NRC actually allowed nuke plants to control
their reactor safeguards systems over a network then they are incompetent.