We've Never Been Ready
It is not clear to me what I should be most concerned about; the fact that this sort of boilerplate still passes for news, or that despite the billions spent, the hours worked, and the rash of appointments of "czars" and other high-speed belly buttons we're still in the pickle we are in.
Not that people's hearts are not in the right place, but either we're serious about this or we are not. If we are not, stop talking and spending and start spending and acting. CNCI? I love it, if it means a dramatic boost in actual security and utility. As guys more observant than me have pointed out, we're not exactly building better mousetraps here.
My (functional) holiday wishes? That we only see new, meaningful stories on this issue in '09 and beyond, and that whomever we get to herd the INFOSEC cats is focused on serious solutions and not more gadgets.