I suppose alerts for scada would carry very similar information (IP adresses, process numbers, probe IDs, etc...) than the ones for classical IT systems.
In addition, some fields could be needed to describe very specific information. Nevertheless, I believe these specific information (role of a service or of a machine) is rather to be find, during the post-treatment of alerts (alert correlation phase), in the knowledge database describing the environments under monitoring.

I can see two specific issues:

1. Update to the keyword list of classification, to include specific source of vulnerability information beyond Bugtraq and CVE. Yet, CVE is very largely used for SCADA systems.
2. Specific information. This should be handled by AdditionalData, possibly extending the XML representation of AdditionalData.

Both need to be addressed anyway to update the standard.