The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
The same people that maintain the packages in sid and stable: the maintainer(s) for each package. For orphaned packages, NMUs by other developers or even a new maintainer team ("firstname.lastname@example.org"). Providing fixes, security or not, is our part of our duty as Debian developers. Sure, packaging new upstream versions is always more exciting than fixing a broken version/package but it needs to be done.
2. How are we going to deal with
drivers for new hardware - upgrade the kernel to LTS+1's ?
AFAIK Ubuntu does not add drivers for new hardware to any version save for, maybe, some exceptional cases (that I cannot remember, frankly).
Quite the opposite: it's the hardware manufacturers themselves who are compelled to provide drivers for RHEL, SLES and Ubuntu LTS due to customers asking. That's why there is an option to "load drivers from disk" at the very beginning of installation (isolinux prompt) on RHEL, SLES and Ubuntu.