Several security experts warned a U.S. congressional panel on Tuesday that urgent action is needed to counter the increasing threat of major cyber attacks on critical American systems and federal agencies. A House of Representatives Homeland Security subcommittee held the hearing during a week when four cyber security bills are expected to come up for a vote in the House.
Michael McCaul, chairman of the House Oversight, Investigations, and Management Subcommittee, said China is the most aggressive collector of U.S. economic information and technology.
"China's cyber warfare capabilities and the espionage campaigns they have undertaken are the most prevalent of any nation state actor. China has created citizen hacker groups, engaged in cyber espionage, established cyber war military units," McCaul said.
Cyber security experts told the panel that Russia, Iran and North Korea are also experimenting with cyber attacks, and that threats to U.S. electric power grid and mass transportation systems could also come from other foreign intelligence services, anti-American computer hackers and terrorists.
Former FBI cyber security specialist Shawn Henry painted a bleak picture.
"I believe most major companies have already been breached or will be breached, resulting in substantial losses in information, economic competitiveness and national security. Many are breached and have absolutely no knowledge that an adversary was or remains resident on their network, often times for weeks, months or even years," Henry said.
Experts told the panel that at some time all U.S. federal agencies have been hacked. The experts called for Congress, the government and the business community to recognize the seriousness of the threat and to be proactive in developing with strategies to protect against cyber attacks.
The hearing came during what has been called "Cyber Week," when the House of Representatives is expected to vote on four cyber security bills. One of them, a bipartisan measure, would allow companies and the government to share more cyber security information and techniques as well as expand the government's role in protecting Internet services and corporate computer networks against cyber attacks.
Some Democrats on Tuesday's panel said the four bills coming up for a vote do not go far enough in giving the government authority to provide oversight, instead calling for companies to voluntarily share information.
"At the end of cyber security week, America will remain without a comprehensive national strategy that bears cyber security efforts in one domestic agency and protects the privacy rights of American citizens," said Democratic Representative Bennie Thompson of Mississippi.
The other bills expected to be voted on this week would increase cyber research, development and education, and update federal computer network security practices.