This has been a point of discussion for at least half a decade. The article has nothing that hasn't been posted to HN before. My take on the playing field: Smart grid stuff has a weird confluence of stuff going for it, which is bad for security, but not as bad as the doom-and-gloom-for-profit folks say it is.

* Very legacy systems are very much in play, and compatibility is a requirement -- replacement and modernization are extremely expensive and time consuming.

* Old school engineers who hang on to "the power grid is different, we need specialized, non-standard IT systems" mentality. This is partially true, but to the point they make it.

* A general distrust of power grid engineers (including software) of anyone claiming that "evil hackers are everywhere". They don't understand certain software issues, like once an exploit is found it is essentially free to take advantage of, which is the exact opposite of many real-life security issues.

* Utilities that view security as a matter of procedural compliance with some set of rules.

These combine for a bleak picture; the tempering, though, comes from:

* Vendors and regulators (DOE, NERC, FERC) are very concerned with security at all levels.

* Researchers are starting to show how real, physical damage can be caused by cyber-security problems (not just hypothetical, but demonstrable, bottom-line-affecting issues).

* Recognition by the more pragmatic older engineers that today's "kids" are maybe on to something using commodity communications and software instead of custom everything. This has inherent security benefits in many places.

All that being said, this is a giant field, and the "smart grid" is not one thing (in fact, if you have n people talking about it, (n-1)^2 definitions of smart grid will usually emerge) -- security for the grid is an exciting and interesting place to be.