beauwoods

A couple of great questions here.

Depending on how you define IoT, you can include cyber physical devices like vehicles. CAN bus, a 30-year old (give or take) technology is deployed across cars, trains, and planes. Check out the Car Hacking Village and download Craig Smith's excellent Car Hacker's Handbook (or buy the physical copy) for more on CAN bus.

Because CAN bus is pretty insecure I'd love to see the transport industry move to something more modern. Several alternatives are being developed but they aren't widely in place as full replacements. Tesla has done a good job getting rid of the CAN bus and uses an emulator to give access for things like diagnostics where necessary (for example, emissions checks).

This is a great question to ask and a hard one to answer. It will depend on your threat model (for more, check out Adam Shostack's books and courses) and your capabilities. Most people share common threats - unsophisticated, untargeted adversaries like criminals or what we call 'skript kiddies'. For that, most of the higher end commercial routers will do what you need. In fact, enterprise-grade technology is tuned for enterprise-grade needs which may not be well suited for the types of adversaries you face.

If you have a different threat model, like high profile individuals or security researchers who often provoke adversaries, your needs will differ.

Kim Zetter's book, Countdown to Zero Day, is an excellent read on Stuxnet. It didn't blow anything up, just degraded their ability to enrich nuclear material.

The WannaCry ransomware in 2017 took out something like 40% of the UK's ability to deliver healthcare for a day to a week and yes, people likely succumbed to preventable/treatable conditions as a result of this outage.

This is a great question! When the initiative [I Am The Cavalry](https://iamthecavalry.org) started our problem statement was (and remains) that dependence on connected technology is growing faster than our ability to defend it, in areas impacting human life, public safety, and national security. We also hope we aren't Cyber Cassandras and can raise the alarm without being alarmist to catalyze action that prevents the kind of disasters you're thinking of.

Josh Corman's TEDx talk, Swimming with Sharks might be of interest.

Bruce Schneier distilled and expanded on this work in his book, Click Here to Kill Everybody.

Yes that's exactly what it looks like! :D /s

If you want to see how hackers view these kinds of clips, check out Samy Kamkar and Keren Elazari breaking down famous scenes.