He has some great info that people shouldn’t just listen to, they should be doing it (like two step authentication), and I think maybe his scare mongering is used to get peoples’ attention. I don’t see why or how anyone would use a cyber attack against infrastructure when a conventional attack is much more effective.
People should be more scared that there is a key logger on their system logging their every keystroke, or they should be scared that they use the same username and password on their bank account as they use on a blog site. It’s nice to see someone talking about this part of the threat which is very real.