Speaking to a group of U.S. business leaders last week, Defense Secretary Leon E. Panetta issued a dire warning that foreign hackers are becoming increasingly sophisticated and that their online attacks on transportation systems, banks and other vital facilities are escalating. The worst-case scenario, he said, is a "cyber Pearl Harbor" perpetrated by state-sponsored hackers or terrorists that "would cause physical destruction and loss of life, paralyze and shock the nation and create a profound new sense of vulnerability."
Panetta wasn't lobbying for more defense spending or expanded powers to respond to threats. Instead, he was trying to break a vexing logjam in Congress over legislation to beef up cyber security in the private sector. In particular, business groups have resisted a Senate proposal that would give the private operators of critical infrastructure — water plants, electrical grids and the like — an incentive to meet new cyber-security goals.
That measure, S 3414, was blocked in August by a Republican filibuster after the U.S. Chamber of Commerce declared its unstinting opposition. The measure would allow the government and businesses to share more information about cyber attacks and potential defenses, which the chamber supports. But it would also call for the private sector to develop voluntary "best practices" for protecting critical infrastructure, which the chamber argues would become mandatory, burdensome and insufficiently responsive to the dynamic nature of the threat.