Interesting - right now I'm reading "Cyber War" by Richard A. Clarke - he talks about our offensive cyber war capacity - which is informally ranked as No. 1 in the world - vs. our dependence on the Internet and our defensive capability - which in his estimation combine to make us the most vulnerable to being attacked of almost any country that is "in the rankings" as a cyber world power.

He makes some interesting parallels to how we don't have an established strategy for cyber war, and how this is similar to the first decade or two after the advent of nuclear warfare capability - a capability without a defined role, without guidance for when it would be used and, more importantly, limits on when it would NOT be used. And that's where we are with cyber war - no overarching strategy for the people who are wielding this to know when we would or would not use cyber warfare.

And he says that while we've developed intelligence-based and military-based cyber groups in each of the armed services that will defend the DOD-related sites, and Homeland Security has cyber capabilities to protect other government sites, NO one is tasked to protect the privately owned, critical infrastructure. Each private sector and company is on its own.