problem of the Internet security also known as authentication, availability, containment, DOS tracking, identification, privacy, robustness, resliency, recovery, & threat analysis could include spam depending on party (we'll award spam separately) solutions to vastly [un]defined problems are inherently elusive something we have learned for certain: cryptographic algorithms and standards for authentication, security, and privacy are far ahead of our ability to deploy, administer, and use security systems need new specification techniques for security policies meaningful to system administrators and end-users so security is deployed in a way that meets user expectations increased automation, rigorous analysis, baseline profiling data self-configurable and self-healing systems ISP cooperation (DOS traceback) sysadmins: if you think these problems will be solved by another community i encourage you to investigate further because whoever is solving them needs your help anyway