All the multiple attackers with various motives – and multiple targets – make defending against cyberattacks a challenge. Government agencies, the Pentagon, and defense contractors seem to have gotten serious and have greatly beefed up security. Companies' spending data also indicate an apparently growing awareness of the threat, with cybersecurity expenditures increasing.
But that's hardly enough, cyber experts such as Lewis say. Critical infrastructure needs to have its cybersecurity tested to ensure it's adequate, he and others say.
"Like anything else in America, there's a large, noisy debate driven by business interests and hucksterism – people shouting about cyberattacks," Lewis says. "But the situation is clearly serious. Our vulnerabilities are great. I recall our first CSIS meeting on cybersecurity in 2001. At that time, we agreed that if nothing significant was done to change things in a decade, we'd be in real trouble. Well, here we are."
Warnings such as the "Pearl Harbor" one from Mr. Panetta in October have stirred debate over further measures the United States should take to protect itself.