Recently, Ellen Messmer wrote a story on a Cyber Security early warning system in the state of Washington, USA. One of the most promising pieces of this system is the process and information sharing that’s being folded into it. Washington University, Starbucks, City of Seattle, Amazon.com, Port of Tacoma, and other groups are setting up an information sharing system that will help each learn from the others. For example, if Amazon.com experiences a botnet attack, it will share that profile and info about that attack with the city of Seattle so it can learn, prepare, and hopefully defend itself against a similar (or the very same) attack. The system, called PRISEM (Public Regional Information Security Event Management), is designed to offer an online early warning to all its members.

This system has several security analogies in place today:

- The tsunami early warning system put in place after the disastrous Indian Ocean tsunami in December 2004
- The Las Vegas cheater profiling system, which shares behavior, personal, and photographic info of known scammers amongst numerous casinos
- The information sharing strategy of ODNI (Office of the Director of National Intelligence) in America, which began operations in April 2005, after the need to share information between the intel communities became painfully clear in the aftermath of the 9/11 attacks

So praises all around for PRISEM and the Washington organizations committed to sharing security information. Unfortunately, the system they’re putting in place will not detect or prevent the nastiest and most common attacks that occur – those at the software application layer. PRISEM talks about the importance of protecting SCADA systems and other critical infrastructure; I couldn’t agree more.
However, standing up a Security Information Event Monitoring (SIEM) and information sharing system isn’t enough. The majority of application layer attacks will still be successful … and this will be the case until those software systems are either updated to modern secure coding standards or protected with application layer defenses (similar to web application firewalls for web apps). As an industry, we’ve still got some innovation to create in the form of self-defending application systems. The concepts are in place, and this approach would be a lot less expensive than re-architecting and re-coding the thousands of legacy applications that support our critical infrastructure.

We’ll get there… one step at a time.