What do you think about passports with RFID implants?

We've seen recent cases where that's been a big question. I don't think it's a bad idea, but I don't think security was as high a consideration as it should have been, I have one. And knowing the security implications of it, I'm very cognizant of where I put it and where I store it to make sure no one can use a mechanism to read something from it. You've seen these card readers where you go up to a gas pump and it has a little RFID wand or you're at your company and you have an RFID reader to open the door. You walk up to it and flash the card in front of this reader. The government and customs are not the only ones who have access to these readers. Someone just has to get close enough to you and they can read the data off your passport. Once they have that data, they can use it to create a fake passport.

What do you think about companies doing background checks on IT workers - both during hiring and periodically throughout their tenure?

I think it's not a bad idea, realizing that every company has a different culture. IT is just no longer a function that helps you share Powerpoints and do word processing. IT has become a part of our day-to-day critical infrastructure. It's how we make our financial services run and transportation systems work. If people are involved in IT, they need some scrutiny to make sure they're not at potential for doing bad things to the company or even to national security. [Companies should] check for criminal history. If someone has a history of financial problems for non-explainable circumstances, are they more prone to commit some financial crime against you? If they have a gambling problem or a drug problem, would they be more inclined to sell your data to a competitor?

Bear in mind that background checks ... are not a way to guarantee that people will do what they should do but it gives you an indication if they have it in them to commit fraud or if they can be trusted around your systems.

How likely is it that terrorists would attack computer networks in the US?

They don't want to wind up attacking a system they depend on. Terrorists now can push Bin Laden videos to mobile phones. They're doing pod casts and web casts. To attack the Internet is not in their best interests because they'd suffer like everyone else. Attacking a financial system to cause economic harm, is that a possibility? Absolutely. But the protections you put in place to protect against a regular hacker would be the same best practices you'd use against anyone, including a terrorist.

If terrorists did want to launch a cyber attack, what do you think they would target? There's been indications for years that one of the things they want to go after is our financial services systems. It would affect not only us but everyone globally. I think it would be the most likely target, but also the most difficult to penetrate because of all the work financial services has done.

What can the US government do to increase cyber security?

There's education and research that the government could help more on. And using the power of procurement, they could push vendors to develop more secure systems. If the government says, 'Design me a more secure system and here's the money to go do it,' the vendor [would do it and] then sell it to the private sector. The other piece is that there's not a whole lot of emphasis from the government on research. What is the government doing to make sure universities and companies have dollars to do research that will enhance security? There is R&D that needs to be done that may not benefit homeland security but it might create the next generation of the Internet that is more secure. The government could seed the next generation of tech savvy researchers to look at our problems and figure out how we can solve them.