"Like anything else in America, there's a large, noisy debate driven by business interests and hucksterism – people shouting about cyberattacks," Lewis says. "But the situation is clearly serious. Our vulnerabilities are great. I recall our first CSIS meeting on cybersecurity in 2001. At that time, we agreed that if nothing significant was done to change things in a decade, we'd be in real trouble. Well, here we are."
Warnings such as the "Pearl Harbor" one from Mr. Panetta in October have stirred debate over further measures the United States should take to protect itself.
Congress recently grappled with legislation that would have allowed the Department of Homeland Security (DHS) to do cybersecurity testing on computer networks of companies that operate natural gas pipelines and other vital assets – and would have granted those companies protection from financial liability in the event of a cyberattack on their facilities. But lawmakers did not approve it, mainly on grounds that the business community objected to the expected high cost of the new mandates and regulations, as well as the exposure of proprietary information to government. In response, President Obama is expected to issue an executive order soon, though it won't give the federal government as much authority to conduct cyberdefense testing as the legislation would have.
Not everyone agrees on what defensive actions to take. Some see Panetta's words as hyperbole aimed mostly at preserving the defense budget. Others warn of a US policy "overreaction" in which Internet freedoms are stifled by Big Brother-style digital filters.