Major issues for the security of electronic commerce include authentication, reliability, avoidance of fraud, availability, non-repudiation, and privacy. From a technical perspective, new approaches are required. The most promising solutions appear to be in the area of model-based processing, automatic detection and repair, and automatic re-configuration as appropriate. These solutions in turn will lead to resilient information systems that perform as desired when attacked. There are no generally accepted criteria for how much security is enough. Metrics are needed to help quantify the new security and reliability issues arising as telecommunication and computer networks are converging and systems become more interdependent. Metrics and standards will play a long-term role in measuring performance and establishing benefits of possible enhancements. Speakers discussed the need to conduct rigorous risk-based analyses, and to identify the high priority problems before undertaking any remediation efforts. Establishing metrics will be an ongoing challenge for both industry and government, requiring the two communities to work together on the development.