Dr Ian Brown discusses the need to protect critical national infrastructure from cyber threats like phishing and botnets. He notes the rise of a criminal economy online and increasing targeting of phishing. Brown recommends appropriately resourcing law enforcement, funding security research, using procurement power to require higher security standards, and diplomacy to address state-sponsored attacks. The House of Lords concluded some liability should shift to software vendors, ISPs, and financial institutions to incentivize innovations in security.