As cyber threats become increasingly sophisticated and persistent, agencies must look at security at every level of the IT stack. While there is no such thing as an impenetrable defense, the private sector has displayed some impressive capabilities to better protect, deter, and prevent cyber attacks. What critical infrastructure services are needed to ensure successful “defense-in-depth” cyber security operations? What next gen tools are being deployed on the front lines of the cyber war, and where do they fit in government? What policies allow agencies better access to these tools, and what policies need to change?