Recent high-profile attacks on Internet infrastructure have highlighted how easy it is for vulnerable parts of the Internet to cause damage elsewhere in the Internet. As a result, we cannot think of security merely in terms of individual systems. We also need to look at the impacts on the commons, i.e., the Internet as a whole. This talk discusses this situation from the point of view of the Internet architecture, and the economics that apply to both Internet of Things ecosystems and attackers attempting to misuse them. The talk concludes with an analysis of potential minimum requirements that are necessary to prevent excessive attacks, and possible ways of establishing such requirements.