Generally, I’m a fan of letting market forces figure out best solutions to whatever evolving needs we may have, but I’m enough of a realist to accept that’s not a workable answer to every need. Some problems need a top-down fix. However, we can’t expect policymakers or industry consortia to create compliance demands in a vacuum. Useful regulations can require that we follow a standard only if such a standard has been defined already, ideally by widely respected authorities. This is very much the case for security in modern electronic systems.