I recently watched a TED talk by Ralph Langner, lead of one of the teams attempting to reverse engineer the virus to determine its purpose. My original reaction on Twitter was:
The most terrifying part about this attack is that while it was highly targeted, all of the exploits and actions it took are remarkably generic and can easily be retargeted to many other types of systems. There are many targets, and they are very vulnerable. The community of engineers and developers working with these sorts of control systems have, up to this point, not felt the need for a level of security paranoia that many software systems presently require.
There is some good discussion in the comments on Reddit: