Where these devices are being attacked inside, ostensibly, professional organizations (companies, schools, government buildings), I agree. But there you have, again ostensibly, an actual network administrator capable of dealing with the issue (and paid to do so).
We don't expect all homeowners to be, say, experts in electrical wiring, or gas supply, plumbing, drainage, or waste management. But all of these things—if they are poorly modified, managed, or maintained—can cause impacts on third parties. In the case of networked devices, the possible impact on third parties is even greater. We also enforce strong regulation on these systems – defining what may and may not be legally connected to public utility networks, for example.
We would probably expect a homeowner to hire a tradesperson to maintain these services, and in some cases it's legally mandated that only a qualified person may install or modify these systems. Is it then unreasonable to kick consumers off of the Internet when they install poorly-maintained devices, and require them to resolve the problem – perhaps by hiring the networking equivalent of a qualified plumber?
Probably a startup idea or two would come out of that sort of regulation. Now that, to install that Nanny Cam, I have to hire a certified network administrator.
The solutions available (and there are more, just enumerating some):
IPv6 so everything is directly on the internet or not hidden behind a common router like they are now. This allows direct blocking of bad actors.
Security certifications for all software and hardware that ever connects to the internet. Well, guess I won't be doing as much programming at home anymore. And good luck getting that open source project of yours certified without getting some Patreon supporters with deep pockets.
Arbitrarily, from the consumers perspective, block their access to the internet when they "did nothing wrong".
Hold the creators of the devices accountable for making shitty, exploitable systems. Sue them directly for the financial harm they've permitted (millions of dollars today alone). But good luck suing them, they're in a foreign and will cease to exist tomorrow (under that corporate entity).
In theory the user could be presented with a "here is why you've been blocked" explanation when they try to browse any site. They could then (probably) figure out what is the offending device, take it off the network, then click "please let me back on the internet, the bad device has been removed". (Somewhat similar to how the MX blacklists work at present).
that's true, but the vast majority of internet service subscribers aren't their own network administrators. If you're using an ISP-supplied modem/router combo, i'd say that your ISP is your network administrator. If my ISP wants that kind of access into my local network (and they don't give me any other option) then they should be doing some actual administration.
