More FUD and shoddy security analysis (Score 2, Interesting)

Great, first it was IOActive frothing non-stop about smart meters, now we have Inguardians turning the froth up to 11. This whole smart grid security issue never addresses the probability of an attacker actually being able to carry out a serious attack in real life. The PDF talks about theoretical attacks. It describes possible weaknesses. It does not assign any probability or likelihood to those attacks. As such, this is faulty and misleading security work. Its the kind of FUD "security gurus" resort to when they want to scare people into buying their services. Notice that the PDF makes sure to advise users to buy services like pentesting and code review - which of course an Inguardians sales representative can sell you. Any decent security analysis MUST include consideration of probability. Risk (the most basic measure of security) is comprised of both impact and probability. Sure, breaking into a smart meter could be a catastrophic thing, thus a very high "impact" rating. However, if the probability of doing that in the wild is enormously low. Something like 0.000000001%. Then the risk of this actually happening is therefore very low. Until one of these “researchers” shows the real risks involved here, and not a bunch of theoretical and conceptual data, I remain unconvinced that there are serious problems with smart meters.