Well said - and here's a bit more too
Can't argue with much of what this article says especially:
"Operators who have known how to fix the DNS, and IoT vendors who don't care about security, are both inviting the heavy hand of regulation"
Few want regulation as it may stifle innovation yet blatant disregard for the most basic of security features is simply reckless. And we're seeing a great deal of reckless behaviour from manufacturers who will bolt connectivity in without a second thought for the consequences right now (beyond more profit that is)... others may be just ignorant to the implications (i.e. not reckless just unaware).
The implications of a hyper-connected world are profound - international effort is needed (as said by other user comments). However, a large part of that effort needs to be behavioural on the supply side and awareness on the demand side. We cannot expect everybody to become security experts - it needs to be baked in (enforced in some domains) and awareness of security in the digital age needs to become mainstream education (without all the technical details).
As a classically trained electronics engineer, I see a world of impedance when it comes to making the necessary changes... we need to lower that impedance if we want to make change more rapid than international legal and cultural systems work. This is part of the challenge and why it is hard to make rapid change (complexity and cost are two more). We can all share the author's frustration as to the speed at which change is happening but hey, this is the real world and, with respect, rather than naively lambasting effort to drive change it might be better to encourage effort to change it - don't throw the baby out with the bathwater.
The good news is that there is an increasing number of people and organisations who are motivated to make change happen and actually doing something. For disclosure purposes, I declare that I work with the IoT Security Foundation (thanks for the mention) and, as noted, we will be making announcements soon - we're just into 3rd party review stage of our framework and guidelines on consumer/home products which will be both free and consumable.
We also commend the efforts of our associates - those at the Online Trust Alliance, those at the Industrial Internet Consortium, those at the GSMA and the Cloud Security Alliance to name but a few. Making global change is not easy but we're working on it (as fast as we sensibly can and the world can absorb).
I will stop there but to conclude - there's a lot of bad actors out there - us good guys need to stick together, see the problems and fix them as they come along. And they'll keep coming as security is a moveable feast.