They really do exist. Believe it or not, just last week I had an actual meeting with an actual paying client who took IoT security seriously because "we've got some hydraulics on this machine that can cause real damage if someone hacks into it."

Unfortunately, I think this is going to be the perspective for a long time: if the customer sees real liability (read: a lawsuit for physical damage) as a possibility, that's probably going to be the only motivating factor to take security seriously.

Whatever. One step at a time!

> Who is we who need solid security?

Anyone with a modern medical device is the 'we'.

My grandmother got a new pacemaker installed a while back. She now has a device sitting beside her bed with a 4G modem in it, that talks to her pacemaker at night and sends the data back to some service, which in turn her Doctors can access.

This is apparently the normal thing to do.

What level of security is there in either of those devices?

How do you ensure that there isn't open ports? Does it get security updates pushed to it? (I wouldn't be money on that)

How does one ensure that this can't send malicious commands to the pacemaker?

This isn't just an issue with pacemakers, either - plenty of other medical devices are coming with various wireless chips in them.

> Who is we who need solid security?

Ultimately, the we is society.