The most crucial point, Lee said, is that, “everything that everyone is talking about is speculation, because we’ve never seen it (a major attack).”
Another problem he sees is that there were no collective, international warnings to the perpetrators of the Ukraine attack.
“We didn’t even have to say we knew who did it,” he said, “but we should have said that whoever did it, be warned that this is an unacceptable act that will bring severe consequences.
“This was an attack on a completely civilian infrastructure, and now it is seen as permissible. It’s going to embolden attackers.”
Stockton also warns that while terrorist organizations may lack the capability to launch a crippling cyber attack now, that may not always be true.
“They have access to Dark Web and zero days to increasing extent,” he said. “And they are becoming increasingly sophisticated. We’re in an arms race. We continue to strengthen resilience, but we need to accelerate our efforts to defend and respond.”
Lee agreed, saying that while things are improving in securing critical infrastructure, “it’s not happening nearly as fast as it should be.”
Sign up for Computerworld eNewsletters.