Senator Robert Bennett, a leading congressional evangelist on critical infrastructure protection issues, also called on US civilian agencies to adopt the "red team/blue team" models used by defence agencies to test their information security. In this model, red teams are the attacking force, while blue teams defend.
"The big threat to our security comes from hostile nation states that can muster sufficient resources to make a concerted assault on America," Bennett said at an Armed Forces Communications and Electronics Association conference today.
Bennett said foreign cyberattackers were unlikely to attack the US military or its intelligence agencies, where defences are strong, but would instead aim for the banking system and other significant targets. If, for example, they managed to shut down Fedwire, the Federal Reserve's fund transfer system, it could mean that "no checks will clear, no money can be transferred, no financial transactions can take place in the United States. That will devastate the United States more than a nuclear device set off over a large city," said Bennett. "It will cause more long-term havoc."
Bennett reiterated his point in response to a question following his talk, saying that a successful attack that shuts down Fedwire "could bring the nation to its knees".
John Sopko, a Bush administration official and deputy assistant secretary for administration at the US Department of Commerce, said the administration "has been taking definite steps" to elevate the importance of critical infrastructure protection.
The Bush administration announced last week that it was working with federal agencies to prepare an updated national plan to protect US government agencies and private-sector businesses from attack. The administration said the plan will involve the private sector and said meetings have already been held with officials involved in banking and finance, electric power, rail transportation, oil and gas, state and local law enforcement, and the IT sectors.
On 24 April, the Bush administration said it would review how the government was organised to deal with security issues and would seek an "integrated approach".
Although he praised the Bush administration's recent efforts on this issue, Donald Upson, Virginia's secretary of technology, was also critical of the government's approach to critical infrastructure protection so far. "We don't know today exactly what the role of the federal government is in protecting that infrastructure.
"There has to be a management focus, and that management focus has to go at the highest level of government," said Upson.