US Unsure How Exposed Firms Are to Cyber Attacks: Official

Janet Napolitano, the U.S. secretary for Homeland Security, told CNBC Thursday she doesn’t know how vulnerable U.S. businesses are to cyber attacks, because private companies aren’t required to disclose that information.

Electricity pylon pass the Ffos-Y-Fran opencast coal mine in Merthyr Tydfil, Wales.
Getty Images
Electricity pylon pass the Ffos-Y-Fran opencast coal mine in Merthyr Tydfil, Wales.

“I can’t answer that question because they’re not required to give us that information,” Janet Napolitano said Thursday. “We know enough to say now we need to have some base standards that are met [and] real-time information sharing” between the government and private companies, particularly utilities.

Napolitano wants Congress to enact tougher cyber-security measures to protect the nation’s water, electrical and telecommunications grid.

“There are online programs that in the hands of somebody with a modicum of cyber training can infiltrate other control systems,” she said. “We live in a world right now where these kinds of attacks can occur, they do occur and that is why it is so important for the Congress to move.”

Congress has been moving slowly, with two cyber security bills under consideration. The measure, backed by Majority Leader Harry Reid (D.-Nev.), some Republicans, and the Obama administration, could require upgrades for critical infrastructure overseen by Homeland Security, while identifying security shortfalls for critical U.S. infrastructure.

Another bill backed by Sen. John McCain (R.-Ariz.), and largely supported by other Republicans, would require federal contractors to inform the government about cyber threats, and make it easier for government regulators and corporations to communicate about threats. It would not affect critical infrastructure, however.

There has been widespread and growing concern about incursions into U.S. networks by hackers looking to steal everything from state secrets to credit-card numbers. Victims have included defense contractor Lockheed Martin , Web search leader Google , Citigroup, and exchange operator Nasdaq OMX .

“The fact that we don’t know indicates the fact that we have a lot of work to do in this area,” Napolitano told CNBC.

“Are we doing a lot of work already? Yes,” she added. “We’ve responded to 106,000 attacks across the United States into various systems. We know they are going on, they’re increasing in sophistication. We know that tactics and techniques are increasingly available online to wrongdoers so, again, we need a statutory push. We need help from Congress now.”

—Reuters contributed to this report.