How real is the risk of a cyber attack on the U.S.? Could one cripple the government and the economy?
Absolutely. I put cyber attacks in the category of catastrophic risk, both to government and companies. It could cause a shutdown of the Internet. We are dealing with threats ranging from nation-states to terrorist groups and rogue individuals.
Which Internet domains are most vulnerable?
We do a good job of protecting the dot-mil [military]. In dot-com, dot-org, and dot-edu, we haven't had as much success, particularly the critical infrastructure. That's where the most damage could be done. If the power grid were taken down in the middle of winter, it could cause economic damage and lead to potential loss of life.
Just how vulnerable is the private sector at this point?
The financial sector has incentives to secure our banking system, but our utilities don't have those incentives. The owners and operators of electrical grids don't get it. Their risk calculation is not the same as what the government has in protecting the public. The regulatory agencies don't have the authority to require standards or guarantee safety.
How should all this be addressed?
The legislation I've introduced will help ensure that dot-gov is better protected and give the Homeland Security Dept. the authority to work closely with or regulate the private sector to close these vulnerabilities before time runs out.