Internet security experts believe the next terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs but may be carried out in cyberspace. In fact, state and local governments already face cybersecurity breaches regularly -- they accounted for 26 percent of all data breaches in 2007, according to Symantec, a security software company. A new report, Defending Cyberspace: Protecting Individuals, Government Agencies and Private Companies Against Persistent and Evolving Threats, looks at the nature of these threats and recommends several actions organizations should consider in preventing them. Recommendations include the need for protection to come in layers that are constantly reviewed and upgraded as threats evolve; the need to share information and resources between public and private sectors to protect one another; and the need for funding to be "baked in" rather then "bolted on" to each relevant process or activity. The report concludes that while government can help, whether by creating positive incentives, by using its purchasing power or by imposing requirements, the primary responsibility for cyberdefense continues to rest with individuals and organizations. The report by Johns Hopkins University draws on insights gained at a 2008 conference in Washington, D.C. on defending cyberspace