Bruce Schneier, a "long-time computer-security researcher," wrote about last week's big DDoS attack on the Net as follows:
What this all means is that the [internet of things] will remain insecure unless government steps in and fixes the problem. When we have market failures, government is the only solution. The government could impose security regulations on [internet of things] manufacturers, forcing them to make their devices secure even though their customers don't care. They could impose liabilities on manufacturers, allowing people like Brian Krebs to sue them. Any of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure.
I'm sorry, but I don't see it as a "market failure" requiring government as "the only solution". The company that was attacked, Dyn, seems to be a private, for-profit company. If so, it would seem to have plenty of incentive to address the problem, as would other companies providing similar services. It's true that the problem may well be big enough and difficult enough that cooperation among these firms is necessary. But much as it would surprise some Liberals, private firms are quite capable of doing exactly that.
Note that another computer security guy, Brian Krebs, has a much more reasonable proposal, one that is likely to work after some time:
. . . to address the threat from the mass-proliferation of hardware devices such as Internet routers, DVRs and IP cameras that ship with default-insecure settings, we probably need an industry security association, with published standards that all members adhere to and are audited against periodically.
The wholesalers and retailers of these devices might then be encouraged to shift their focus toward buying and promoting connected devices which have this industry security association seal of approval. Consumers also would need to be educated to look for that seal of approval. Something like Underwriters Laboratories (UL), but for the Internet, perhaps.