Re: Smart streetlight? FFS, why?
"Ok, perhaps it would be useful for the streetlight to report its ON/OFF/dimmed state to a central system"
Bang. Now you need an Ethernet, 4G or even one-wire protocol connections back to a central point, which requires more than a dumb processor.
It's not about what you want to do but how you do it.
Do you want a custom protocol over a custom wire reporting back to custom software on the status of a bulb that you can switch on and off? Or do you just want to IP everything from the traffic lights to the streetlights to the road sensors and send all the info over the same wires from 10 different systems to one location where some larger computers can actually process it?
There is some sense to IoT. It's how you deploy it that matters (i.e. Ethernet chips are 10-a-penny nowadays, and you're already cabling to the thing and powering the electronic circuits - so PoE might well be cheaper than two separate cables - but if you just plug it into the city, you're an idiot. VLANs, RADIUS, port-isolation etc. are MINIMUM REQUIREMENTS).
But when a Raspberry Pi can be had, one-off, for £20 and is a 1GHz machine with gigabytes of RAM, Ethernet, Bluetooth, USB, Wifi, GPIO, etc. then I can't imagine that the IoT device side of things even figures in the expense of a town-level network. For a start, I bet it's MORE EXPENSIVE to buy a simple remote-controlled, timed, on/off switch that works on a streetlight than it is to buy some mass-produced, centrally-controlled, standardised thing.
The enemy of security is commodity and laziness. These kinds of devices are commodity, proven by the fact that you could knock one up, connected and with a SIM card (or eSIMs nowadays) and relay electronics, for less than the price of a little plastic cover in a certain shape.
The problem left is laziness. Don't just Ethernet your streetlamp and not even bother to secure it from attackers.