The risk is that embedded systems are also part of a technological monoculture. At one point that monoculture was Windows, but now the risk lies in the smaller devices, argues Geer.
"That combination, long-lived and not reachable, is the trend that must be dealt with and possibly even reversed," said Geer.
"Whether to insist that embedded devices self-destruct by some predictable age or that remote management of them be a condition of deployment, is the question," said Geer.
He called it a national policy issue.
"In either case, the Internet of things, which is to say the appearance of network connected micro-controllers in seemingly any device that has a power cord or a fuel tank, should raise hackles on every neck given our current posture," said Geer.
At a separate panel that preceded Geer's talk, Stacy Cannady, who specializes in hardware security at Cisco, talked about IoT devices and listed some of the problems that need to be addressed: what the unique identity of a device is, whether there is a way to establish some knowledge of its software and configuration, and whether it can be trusted.
"We have a very basic set of problems to solve on a very large scale," said Cannady.