consultation on a secure internet of things (IoT)

I was just asked for policy commentary on a secure internet of things (IoT).  It's basically identical to considerations about secure AI.  I'm not really a security expert, so I'm happy to take comments and feedback on the below:
  1. I don't believe we can have a completely secure IoT or anything else.  Security is always an arms race, and people need to know we cannot guarantee it.
  2. It is therefore essential that we include public education in any such campaign; public behaviour will in part determine how vulnerable the IoT is.
  3. It is also essential that we have strong regulation against cheap IoT devices.  No one is going to provide security patches for a £3 light bulb.
  4. It would be dishonest to be involved in any such claim as "secure IoT" at all while the government is mandating that cybersecurity is compromised by backdoors.
Is anything ever secure?