Security has been the focus of the past few days as the RSA security conference has been underway. The keynote speech was delivered by Michael Chertoff, the Secretary of Homeland Security, and in his speech, he stressed the need to create a "Manhattan Project" for computer security. The Secretary brought up the recent attacks on Estonia, which led to a government shutdown for a short time, as an example of how much damage can be wrought by hacker attacks.Chertoff Describes 'Manhattan Project' for Cyber-defenses (eWeek) Any such effort will have to include a boatload of training, but not just for the security professionals who do the actual work involved in preventing and detecting attacks. Based on the statistics in Symantec's latest Internet security threat report, the average computer user is the biggest threat to network security. In years past, a user had to visit a malicious Web site to run the biggest risk of getting infected with malware, but hackers are getting more inventive and have started compromising legitimate Web sites in order to distribute their code. Who trumps bin Laden as a cyberthreat? Look in the mirror (News.com) Compromised legit sites power hack attacks (The Register) Symantec's report hits close to home, as I work in education, which was singled out by the report as the source for 24% of data breaches that could result in identity theft. I have long known the value of educating my users, as the statistics I read back in the '90s indicated that a well-trained user was six times less likely to accidentally damage their computer or compromise security. I rather suspect that training users would have a beneficial long-term effect as they would be another line of defense to add to the firewalls and IDS/IPS systems already on corporate networks. What do you think should be included in a "Manhattan Project" for network security?