"If we were in a cyberwar today, the United States would lose," Michael McConnell testified Tuesday before a hearing of the Senate Commerce, Science and Transportation Committee.
"This is not because we do not have talented people or cutting edge technology; it is because we are simply the most dependent and the most vulnerable," said McConnell, a retired Navy admiral who heads the business consultancy Booz Allen Hamilton's national security business. "It is also because we have not made the national commitment to understanding and securing cyberspace."
McConnell's testimony wasn't the only disturbing words heard at the hearing.
Scott Borg, director and chief economist of the independent and not-for-profit research institute, U.S. Cyber Consequences Unit, testified that the theft of business information via the Internet represents a bigger potential loss than losses due to personal identity theft and associated credit card fraud. Corporations could lose profits as well as long-term viability if its business secrets were stolen by a foreign competitor, he said.
James Lewis, senior fellow at the non-partisan Center for Strategic and International Studies and project lead of the CSIS's Commission on Cybersecurity for the 44th Presidency, said Congress might need to impose some regulations on the private sector - which controls 85 percent of the nation's critical IT infrastructure - to assure its safety. Although Internet pioneers envisioned a largely self-governing environment, he said the Internet has turned into the "wild, wild west" and encouraged Congress to enact legislation to provide closer government scrutiny on key private-sector IT systems. "We do not expect airlines to defend our airspace against enemy fighter planes, and we should not expect private companies to defend cyberspace against foreign governments," he said.
Indeed, kicking off the hearing, panel chairman John Rockefeller, D.-W.Va., suggested the government must be involved in helping safeguard critical privately controlled IT systems and that businesses must cooperate with the government to help protect federal, state and local information assets. "Neither the government nor the private sector can keep cyberspace secure on their own," he said.
Rockefeller and the committee's ranking Republican member, Sen. Olympia Snowe of Maine, are sponsors of the Cybersecurity Act of 2009, which could serve as the instrument to be used to combine other IT security bills before Congress if their measure reaches the Senate floor.
Snowe, in her opening comments, called for the elevation of the White House cybersecurity coordinator - a post held by Howard Schmidt - to a higher-ranking, cabinet-level and Senate-confirmed position. She and Rockefeller have introduced another piece of legislation to do just that.