Agreed there is a big difference security-wise between operational issues and administrative issues. But practically (a) it may take some time and effort to investigate & establish / confirm the distinction, and (b) even if the operational system is not affected if they can't reliably account for what is being transported it may be necessary to shut down anyway, at least until they can build some sort of ad-hoc system to provide the necessary accounting.
I am not an expert in this area, but listening to people that are suggests to me that legacy SCADA systems are unlikely to have adequate security, intrusion detection and monitoring features, and some of these are running on unsupported hardware and software, with institutional knowledge rapidly disappearing. In most cases they were never intended to be connected to any sort of public network, but evolved to this in a haphazard and insecure manner over a period of time, operated by various companies / people, using various technologies, none of which are necessarily focused on security from this type of attack.
I hope Colonial and other operators can regain / retain control of their systems (which they will) and I really hope that something tragic happens to the people that are doing this.