I worked for years in industrial networking for places like power plants and electric utilities. The risk of security breaches was not just around economic loss, but the loss of human life. And in my humble view, security was never treated with the level of attention it deserved.
Part of the problem is there are no well-accepted measures for security. In the smart grid world, many smart people tried to create and apply checklists and standards, and while they were helpful, in my experience they were not able to close many of the security gaps in smart grid systems.
In the consumer world it's even more difficult. There have been many cases of people finding flaws in things from security cameras to refrigerators, and many of the companies making these products use sales as the #1 criterion for product features. Spending on security can protect future sales - so large, well-established brands think hard about security - but for many companies security is just not a top priority. In fact, a recent study by HP Security Research highlighted weaknesses in the majority of IoT products they looked at.
It is a big and complex problem - as Ron Ross, a NIST fellow, recently discussed.
Fundamentally this problem won't get solved by wishing for higher security or by imposing federal guidelines. We need to fundamentally change the game. Consumers must be able to buy internet-connected devices from untrusted companies, and use those devices with confidence that their home networks won't be hacked. Businesses must be able to allow devices like postal meters and coffeemakers in their offices to connect to the internet without worrying about leakage of confidential information. And manufacturers must be able to build products without having to worry that their products will be used as spam bots.
A fundamental rethink of how we connect devices to the internet. An approach based on modern security and cloud access.
Cirrent changes the game, and will finally make the IoT much more secure.