So, the Obama administration has declassified part of the "cybersecurity" planning of the Bush administration.... the story hit slashdot, and here's my response.
I propose instead that we consult the results of the previous R&D work that has been active in this area since the 1960s, and learn the lessons of problems already solved. This is low risk (as we've already paid for it), high payoff.
Let's get capability based security into the hands of the masses. This will remove their machines from the threat pool. It would also allow those inside the government to manage security in a much more granular (and thus more effective) manner.
This can be fixed, and it doesn't require a high risk, just due diligence, and hard work.