Let's start here with the digital millennium act, designed to stop you copying video cassettes and computer games.
The issue with IOT (regardless of scale) is the act allows security by obscurity. It has bugger all effect on the bad guys that WANT to exploit and hurts those that are just curios.
Forget tractors for a minute and look at DD-WRT. It has been permitted by the hardware manufacturer to hack a routers firmware and produce something that may be better than their home made software. Good stuff?, bad stuff?.. It depends, the bad guys could equally produce something nasty, which without some kind of certification might break your home network.. Hey ho..
Now look at Tractors;
“Vehicle software will be subject to contamination from the repair or modification efforts of individual vehicle owners, the vast majority of whom do not have the programming or technical competence in the full range of applicable federal regulations and industry standards,”
Vast majority - agreed..
But by refusing to accept people looking at your software all you are doing is trying to achieve security by obscurity. It's exactly the same as the home routers. Your software may be (pick your expletive), but there's a chance that somebody else's could be worse.
The issue here is that if you do have the skills and the time and he energy to try and make things work you'll get your ass sued off by somebody using legislation designed to protect video games and VCR tapes.
There is no easy answer to this, but discussion on how we secure the IOT is important. Research to show that there is a problem is desperately needed. A piece of legislation that allows ANY manufacturer to refuse you permission to look under the bonnet is dangerous.