By SIOBHAN GORMAN in Washington and STEPHEN FIDLER in LondonU.S. military and civilian networks are probed thousands of times a day, and the systems of the North Atlantic Treaty Organization headquarters are attacked at least 100 times a day, according to Anders Fogh Rasmussen, NATO's secretary-general. "It's no exaggeration to say that cyber attacks have become a new form of permanent, low-level warfare," he said.
More than 100 countries are currently trying to break into U.S. networks, defense officials say. China and Russia are home to the greatest concentration of attacks.
The Pentagon's Cyber Command is scheduled to be up and running next month, but much of the rest of the U.S. government is lagging behind, debating the responsibilities of different agencies, cyber-security experts say. The White House is considering whether the Pentagon needs more authority to help fend off cyber attacks within the U.S.
"The Obama administration is very focused on this. The president has designated [cyber security] as a critical national asset," said an Obama administration official, adding that agencies responsible for cyber security have been staffing up, including Homeland Security's development of SWAT teams to respond to cyber attacks on critical infrastructure. "Not only do we have a strategy, but we have moved beyond that to implementation."
NATO's systems are behind the U.S.'s, said one person familiar with U.S. assessments of NATO's systems after a recent trip the deputy defense secretary made there. "The Chinese totally owned them," this person said, adding that NATO hadn't installed many of the basic network security patches, because it had decided some of its computers were too important to ever turn off.
NATO spokesman James Appathurai denied Friday that the alliance's computers were regularly compromised. Apart from a couple of disruptions to its public website, there have been no successful infiltrations of NATO's classified systems, he said.
In the U.K., "we expect to see increased resources for cyber-security operations as part of the upcoming security and defense spending review, and hope to work even more closely with the U.S. on such operations," said Sir Nigel Sheinwald, British ambassador to the U.S., on Friday.
Meanwhile, cyber weapons are being developed at a rapid pace. Many countries—including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea—have developed sophisticated cyber weapons that can repeatedly penetrate and have the ability to destroy computer networks, cyber-security specialists say.
Some U.S. intelligence officials and analysts worry that cyber weapons may become the next "loose nukes" problem. "The question is: When will these leak to al Qaeda?" said James Lewis, a cyber-security specialist at the Center for Strategic and International studies who regularly advises the Obama administration. "These are very tightly controlled, but some number of years from now, nonstate actors will have really good stuff."
Stuxnet alarmed officials both in the Pentagon and U.S. industry, because it targeted the core of industrial computer-control systems. "Instead of messing with the nervous system, you're going right to the brain now," one U.S. official said.
Gen. Keith Alexander, the chief of the new U.S. Cyber Command told a congressional panel this week: "What concerns me the most is destructive attacks that are coming, and we're concerned that those are the next things that we will see."
The danger, Gen. Alexander said, is that such attacks can do damage that is difficult to reverse and can't be fixed by blocking Internet traffic, destroying computers and other automated devices connected to the Internet before the government or a company can respond.
"That could cause tremendous damage," he said. "If that were to happen in a war zone, that means our command and control system and other things suffer."
Another danger, he said, is that such an attack could be mounted on the U.S. electrical or banking sector, and the affected company would largely be on its own to defend itself.
The White House is still trying to figure out how the government could aid the response to an attack on the private sector. If there were an attack today, Gen. Alexander said, his Cyber Command does not have the authority to respond to it.