With no plan to respond to cyberattacks, U.S. risks reliving 9/11

In the wake of a widespread cyberattack, the United States could face the same lack of coordination and preparedness the nation experienced after the Sept. 11 terrorist attacks because the government has not developed clear policies for how to respond, a panel of current and former federal security officials said on Monday.

"In terms of terrorism response, I think we're getting well-practiced and well-organized. We are an efficient nation," said Gen. Michael Hayden, principal at consulting firm Chertoff Group and former director of the CIA. "Not so with the new age threat of cyberattacks, [where] we are not well-organized. It's very unclear who would be in charge of response."

As a result, the federal response to a cyberattack could resemble what happened on Sept. 12, 2001, the day after the World Trade Center and Pentagon were attacked, said Hayden. The government would pull together people to "frankly act like a committee, because we don't have any other alternative" strategy in place to define how federal, state and local government and the private sector will respond, he added.

Hayden sat on a panel at the Excellence in Government conference in Washington, which was produced by Government Executive Media Group, the parent company of Nextgov.

The Obama administration is developing a National Cyber Response Plan, but details have not been finalized yet.

"It has been hard enough for us to create a legal regime to respond to the global threat of terrorism," Hayden said. "There is no regime for us to work within to respond to cyberattack. We are in a place where technology has long outstripped policy -- let alone law -- in terms of what's available. We're going to have to rely on heroism instead of a plan. That's always challenging."

Adm. Thad Allen, commandant of the U.S. Coast Guard, who also was part of the panel, described cyberspace as an artificial reality that introduces major problems for command and control. "You don't have a physical threat you can see move across the time-space continuum into [an] area of responsibility," he said.

President Obama announced plans to appoint a cyber coordinator in the White House early in his election campaign, reaffirming the pledge during a speech on cybersecurity in May. The position remains vacant, which some argue has contributed to the lack of a coordinated plan.

"You don't need unity of command but unity of effort," said Michael Chertoff, chairman and managing principle of the Chertoff Group and secretary of the Homeland Security Department during the Bush administration. A coordinated response allows the federal government to "swiftly stop the bleeding," he said. But the Obama administration has yet to establish that kind of cyber preparedness.

"Are we prepared to defend ourselves? Does deterrence work? These are concepts that have not been thought out," Chertoff said, comparing the need to develop a cybersecurity strategy to the formulation of Cold War policy after World War II.

"It's going to be a challenge," he added. "9/11 revealed war could be an internal offensive, and cyber makes it offensive in which everything is a potential attack point."