Playing Devil’s advocate to my own normal inclinations (I hate smart meters!)... Doesn’t the same principle apply to almost any technology, of “get a job with a manufacturer and write some malicious code”?
I have personally written code that runs on national telecomms network all over the world. A US customer once confirmed my code had surpassed 1 billion calls in a year. I needed no special security vetting and I suppose I could have incorporated something nasty, and might have got away with it, but chances are a colleague would have spotted it, either immediately or some time later. I’d say, chances of getting away with it were pretty slim, especially if the payload was some way in the future.
Can’t help thinking that somebody with dastardly plans to bring down a world economy, would want an attack vehicle that stood better odds of success...