Threat of ‘Spectacular’ Cyberattack Looms: Official

Can You Guess What's the Worst Password to Have?
Nick Rowe | Photodisc | Getty Images

The U.S. is facing unprecedented cyber threats. And businesses and government are at risk, said Eric Rosenbach, Deputy Assistant Secretary of Defense for Cyber Policy in an interview with CNBC.

"I read my intel brief every morning at 5:30 a.m. and it's never a very good news story at all," Rosenbach said. "There are a lot more attacks, and I hate to admit it but I fear that there will be some type of spectacular attack against the United States or one of our allies before there is comprehensive legislation and real appreciation to take this seriously."

Just one month ago, Secretary of Defense Leon Panetta made headlines when he warned that the U.S. is in a "pre-9/11 moment" or a "Pearl Harbor" scenario, referring to a potential chain of cyberattacks against the country.

Rosenbach, Panetta's right-hand man on cyber-security, echoed that chilling warning ─ to prepare for a digital 9/11. (Read More: Panetta Warns of Dire Threat of Cyberattack on U.S.)

Congress failed to push the Cyber Security Act of 2012, a bill that enabled the federal government to take control of all communication capabilities—including the cybersecurity standards of water, power, and utility companies—during a cyber emergency, through the Senate in August. ( Read More: 10 Ways Companies Get Hacked )

The bill failed again on Wednesday when Democrats and Repbulicans found themselves in diagreement over the role government agencies should play when it comes to protecting businesses in cyber emergencies.

"The bill is far from perfect, but it's highly preferable to no action at all." said Rosenbach, "We have to come up with standards that help us patch some of the holes in the critical systems that we need, particularly for critical infrastructure information."

The administration has wrestled with the idea of updating cyberlaws as the tools and weapons in cyberspace have increased in numbers and grown ever more sophisticated.

The black market for cyberweapons, which can be used to attack critical infrastructure, banks, or personal networks, is growing rapidly, Rosenbach said. (Read More: SEC Left Computers Vulnerable to Cyberattacks: Sources)

"I think about the fact that you can go out there and purchase a specific type of cyberweapon and use that against the United States, and they don't even have to be a nation anymore to develop a weapon like that — those are more like the dark web pages," Rosenbach said. "I can't give a specific name, it's classified information. But if you have the weapon and you know the vulnerabilities of the U.S. infrastructure, that makes me nervous." (Read More: Cyberattacks Up Sharply, Suppliers Targeted: Lockheed )

Over the last six months, massive security breaches — such as the attack on Saudi Aramco, the world's largest oil company, and attacks against U.S. financial services companies, including PNC Financial, Wells Fargo, JPMorgan Chase, and Bank of America — have shown that government and businesses are not prepared for such cyberattacks. (Read More: Hackers in Iran Responsible for Cyberattacks: US )

"CEOs need to understand the mounting threat, consider the risk and plan accordingly," Rosenbach said. "You are naive if you are not factoring some aspects of cyberrisk into your business plan."