knee-jerk reactions are the norm not the exception to security disclosure, and I doubt he has some leeto 0-day to destroy the world with.
This. A discussion about viable "cyberwar" doesn't depend on knowing the latest and greatest weakness in Flash player. It depends on well-documented systemic weaknesses in commonly used PLCs, in protocols like ModBus; and where a practical attacker cares about "consumer" OSs, they care about exploiting the 30 year old unpatched packet drivers for NE2000 compatible cards running under MS-DOS 6.2 (it would amaze you how many "embedded" devices run DOS).
And the focus of such a serious discussion has nothing to do with glory or PII or money, but rather, "crippling infrastructure 101: Electric, water, and traffic control systems 101".
The only reason to censor this as a "threat" comes from the underlying mindset of looking for subtle systemic weaknesses rather than trying to find the digital version of "fly a plane into a building". Think how subtly Israel fucked Iran's nuclear program with Stuxnet, and you have the right idea.