The one thing worse than Obama's security plan would be no plan at all.

He's barely into his first term of office but President Obama's Cyberspace Policy Review marks a change of direction that is possibly years behind conventional wisdom. Large sums of money will be spent trying to fix the problem of cyber-insecurity that has grown almost as fast as the number of official and unofficial bodies with responsibility for looking after its myriad elements. And the daft thing is that what Obama said as he launched the review document - that the US is wide open to attacks on its electronic assets - has been known about for years.

Will it work? Wishing and doing are not the same thing, as his opponents will surely point out, and no well-meaning reviews protect vital electronic infrastructure just in their writing. But the fact that he said it at all is to be applauded. And nobody knows whether the new cyber-chief role with have enough power.

If anything Obama's first task is to change the mindset that has dominated US thought for the last half generation, namely that the US is too big to tangle with and governments should keep their noses out of affairs best left to the industry.

Interesting questions that this review does not answer is the extent to which the US government starts setting standards and have a say when they are set. That wouldn't go down well with Us business or its supports. Nor does it look at the responsibility of the US government to go beyond protecting vital assets and protect its people, who are probably both the biggest beneficiaries and victims of the whole electronic age.

Beyond core assets, what is the US government trying to protect?