Attacks in cyberspace are increasingly getting "democratized," Schneier said. The key is knowing how to respond.
Expecting market forces to somehow recognize the threat and respond to it in a strategic manner is unrealistic, the panelists said. While private companies are responsible for a large portion of the Internet infrastructure, they need an incentive to be more proactively involved in defending it.
What needs to be decided is how much of role the federal government should take in enforcing better security and how much the private sector can be motivated to take the right measures, Chertoff said. The crucial issue is to figure out "how to handle the need to defend against high-end attacks. We need to understand who has the responsibility to do what, and when," he said. "We need to have some sort of declared policies" about response at a strategic, national level.
Discussions about a national strategy for cyberwar have assumed greater importance recently. Google's admission last year that its servers were compromised by attackers based out of China, and the attacks against critical targets in Estonia a few years ago, have brought into sharp focus how devastating organized attacks can be.
"We are at the brink of a cyberwar arms race. There's too much of a chance of this going off accidentally," Schneier said, while stressing the need for international agreements to determine rules of engagement.
What's vital is that the government doesn't wait for a catastrophic event to happen before taking action, McConnell said.
"The odds are we, will wait," he added.
Sign up for Computerworld eNewsletters.