The US government's "cybersecurity policy" is completely and utterly inadequate. Their thinking so far has been "well, let's leave aside the <i>actual security</i> stuff, and focus on getting <i>cyber-weapons</i> - the more cyber-weapons we have, the scarier we'll be and nobody will touch us!"<p>Yeah, <i>maybe</i> that can work against a mid-level country like Iran. But what about China or Russia? Are they really going to be dissuaded from hacking US agencies and private companies because the US will hack them back? Are they going to be afraid that the US threatens them with actual war? Nope.<p>Then there are also the "guerrilla hackers", which could be anyone from random hacker groups, to cartels in Mexico, to North Korea, which doesn't care if you hack back its hundreds of PCs. Your scary cyberweapons aren't going to dissuade them either.<p>The US government needs to stop making encryption and strong security (that it itself can't hack) public enemy #1, and instead actually promote them in every single agency and raise security standards that private companies have to meet as well, <i>especially</i> if they are storing sensitive customer data.<p>As Schneier said earlier, the US has the most to lose out of all the countries by <i>actively trying to keep</i> the web vulnerable.