Working from the premise that intrusions, penetrations and data-thefts have been severely underestimated, the CSIS report calls for a consistent national cybsecurity policy aimed at both securing cyberspace and establishing that security as an ongoing national security priority.
All well and good (and long overdue: previous administrations haven't had such detailed advance consideration of cyber-issues.)
But as the report itself points out, cyberspace differs in the breadth of its constituency: "privacy, law enforcement, business, technology, and national security" are all cited as having a voice (and some vested interest) in how the national policy is designed, implemented and deployed.
Let's hope small and midsized businesses are represented in the discussions and developments ahead: we've seen too many "business initiatives" on various fronts that have turned out to be enterprise-only initiatives.
Cyber-security policy needs to be aggressive and thorough, but also sane and workable for all businesses and institutions, not just bigbiz and big-gov.