Most (all?) Cisco equipment allows you to do a password override, or "recovery", operation if you have physical access to the box. Aside from that, if they kept copies of the configurations (duh!) and standardized equipment, it wouldn't take much to just swap out the affected systems if necessary, using just a couple spares or loaners. Again, that assumes standardized equipment... The way this incident has been reported if pretty poor - the press keeps saying he locked the city out of their systems, data is affected, etc. but at this point his behavior (while reprehensible) would appear to only be an inconvience to move/add/change activities. There will be labor costs and downtime to fix the situation, but if not data has been altered then this crime is far less than some. Leaking credit card numbers would be worse.
It seems like this one incident is a being used as the big chance to "blame the network guy". He is totally in the wrong, but this is far from the big crime they are making it.
I actually know of a company that did this to themselves by laying off their entire IT department before making sure they had the passwords and config files.... I didn't see that in the news.