In fact, that portion of defense spending is increasing. It would increase still more “if we could find more worthy investments to make,” Carter added.
Even so, companies don’t necessarily understand the threat of cyberattack, Pentagon officials say. Though the “long march” toward cybersecurity is just beginning, Carter says, “It’s difficult to embark on this march, because the market, both economic and political, undervalues security at the moment – doesn’t see it, doesn’t fully get it,” he added. “And I’m afraid events will soon prove it wrong.”
Legislation on Capitol Hill would require a certain degree of federal oversight of cyberprotection for “critical infrastructure” such as power stations and water plants. Disabling such facilities by attacking their computer systems, say defense officials, would be a “cyber Pearl Harbor.” The bill also would require private firms to let the government know when their systems are hacked.
This seems reasonable, say US officials. “There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again,” the FBI"s Mr. Mueller said last month. “Maintaining a code of silence will not serve us in the long run.”
Yet it remains unclear how information that private companies share with the US government might be used, says says Jerry Brito, a senior research fellow at the Mercatus Center at George Mason University. “Are we going to start profiling terrorist suspects based on their Internet habits?" he asks. "There are all sorts of things you can do with this information.”
Some say the threat of attacks on these plants may not be as great as some Pentagon officials seem to think.