Dr. Richard Browne:

Precisely, or even attacks on group water schemes, in one specific case. A group water scheme had its supply stopped because somebody managed to access a device remotely and, in essence, disable it. That is one thing.

There are a couple of other basic things. First, people should ensure devices are continually updated and they have the latest version of the working software. Multi-factor authentication, MFA, should be used at all times. Every single service or device should have MFA and people should use it. If MFA was properly applied and people had devices patched to the latest standard, from the assessments I have seen - I have heard from CEOs of some of the leading IT companies in the world who will tell you the same thing - that would stop 90% of attacks. It is as simple as that. The basic things still work and those two basic things really matter.

Complex passwords is another thing. These are long, complex passwords. I know it is difficult. People should use a password manager. Using difficult passwords that are difficult to guess will save a lot of trouble.

While that remains the case, no matter how many people we can persuade to do the right thing, there will always be some people who will not be able to, will forget or will not be sufficiently interested to do it. Collectively, we all bear the risk of that issue. There is a piece of EU legislation called the cyber resilience Act, CRA, which has been agreed and will be published formally later this year.

That in turn will put binding obligations on manufacturers of all these kinds of devices to ensure that this is done by default and to support these devices for a fixed period of time. This will again take this vast constellation of often very cheap connected devices and make them much more secure.