Level 3 Communications' Chief Security Officer Dale Drew says service providers, manufacturers and even consumers must combine to halt massive DDoS attacks using IoT devices in botnets. The solution he has in mind includes reputation-based routing by the service provider but also more secure endpoint devices and greater consumer awareness.
Makes sense that there should be parallels -- spam is a kind of DOS attack.
As for securing the IoT: Industry pressure is necessary but not sufficient. Naming and shaming won't get vendors and operators to secure their products and networks. That requires laws and regulations.