There are pieces of infrastructure that, if crippled by a cyber attack, could damage the country and the economy, Daniel said.

Senate Republicans in August blocked a cybersecurity bill backed by Obama that would have set voluntary cybersecurity standards for privately-owned critical systems. The bill also would have encouraged companies and government to share information on cyber threats.

Republicans and the Chamber of Commerce opposed the measure, saying standards would be a back door to government regulation of companies and wouldn't keep pace with evolving threats in cyberspace.

“Whether you want to call it light touch, voluntary, in its implementation we still believe it would be more of a regulatory approach,” Ann Beauchesne, the chamber's vice president of national security and emergency preparedness, said at the panel discussion. “We just don't see that as the right tack to take.”

The chamber supports a measure focused solely on information sharing that passed the Republican-controlled House of Representatives in April, Beauchesne said. Minimum standards for cybersecurity should be developed by industry, not government, and should vary for different sectors, she said.

Obama's administration may issue an executive order to accomplish some of the goals of the bill it supports, while saying it can take only limited action on its own and urging lawmakers to act. Senate Majority Leader Harry Reid, a Nevada Democrat, has pledged to bring the Obama-backed measure to the Senate floor again during a post-election lame-duck session of Congress.

Cyber Threat

The Obama-backed bill's lead sponsors are Senators Joe Lieberman, a Connecticut independent, and Susan Collins, a Maine Republican. Lieberman, who isn't seeking re-election, is chairman of the Senate Homeland Security and Governmental Affairs Committee. Collins is the panel's top Republican.

U.S. Defense Secretary Leon Panetta in a speech this month faulted Congress for failing to act on comprehensive cybersecurity legislation, saying computer assaults by other countries or extremist groups could be as destructive as the Sept. 11 terrorist attacks.

Panetta pointed to recent cyber attacks, including a series of distributed denial-of-service assaults on the websites of major U.S. banks and an attack on the computer network of Saudi Arabian Oil Co., known as Saudi Aramco, as “significant escalation” of the threat.

Referring to news reports that the Saudi Aramco attack was carried out by a company employee, Joseph Rigby, chief executive officer of Pepco Holdings Inc., said internal threats are “very high on our list of awareness and concern.”

“People that have their hands on or have access to the infrastructure, we're doing background checks, we're doing security checks, things like that, but people's personalities change, what's happening in their lives,” Rigby said. “You have to be very, very diligent around what your people are doing.”

Daniel, the White House cybersecurity coordinator, and other administration officials have been meeting with lawmakers and industry representatives about a possible executive order. Republican senators including John McCain of Arizona and Kay Bailey Hutchison of Texas oppose the White House taking unilateral action, saying the issue should be handled in Congress.

An executive order probably won't be issued before the November presidential election, Daniel said earlier this week. He declined to comment on timing beyond that.

“Traditionally in security, societies assign that responsibility to their government,” Jane Holl Lute, deputy secretary of homeland security, said at the panel discussion. “In cyberspace there have been no assignments yet made.”

Bloomberg News

Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.