[This is a response to Joe Weiss' question, "Who is Kidding Who about the Cyber Vulnerability of the Electric Grid?"]
It seems legit to consider propagation of undirected malware as at least partially bounded by heterogeneity. In comparison, it didn't take long for researchers to successfully develop malware that would compromise a homogenous AMI network.. To the extent technical diversity increases the cost of developing an attack, it's a good thing. Unfortunately, this isn't enough to deter adversaries. Other techniques can do more to increase the level of effort. Defending targeted attacks is a higher bar. Focus on prevention alone is probably a mistake.