Patrick Lambert wrote in a TechRepublic blog post that while the scenarios painted by Panetta are horrifying, "there's no way to accomplish them solely via the Internet. Most things have to be done on site, and any critical systems shouldn't be connected directly to the 'Net in the first place."
John Felker, a retired Coast Guard captain and vice president of cyber programs at SCI Consulting Services, who believes Panetta is right, said: "Those systems were closed -- site specific -- when they were put in place a long time ago," he said. But now they are Internet facing. "It's cheaper that way, but they are also more vulnerable."
"Absolutely -- no question about it. I've seen the ones and zeroes, so I know," Felker said. "Depending on the attack, could it be worse than Sandy, not only from the risk to life, but the economy. If there is no electricity, a lot of things don't get done."
Could a "Cyber Reserve" mitigate the threat? DHS Deputy Secretary Jane Holl Lute believes that until DHS can improve its in-house capabilities, a reserve is the way to go.
Jim Finkle reports at Reuters that the Deputy Secretary hopes to have a working model for a Cyber Reserve within a year, with the first members drawn from retired government employees now working for private companies, but also recruit from Department of Defense contractors, veterans' organizations and outside groups.
The management of such a reserve of security pros could be tricky, however, since it would involve security clearances and allowing people access to confidential information and tools that could leak into the wild unless they were tightly controlled.
"This has been talked about before," Felker said. "There are a lot of plusses and a lot of minuses. The big question is what authorities do they operate under. How do you get them to do what you want?"
"We know [experts are] out there. But you have to have somebody managing the program that is very comfortable with ambiguity. Gen. [Keith] Alexander [head of the National Security Agency] is probably somebody who could do it."
Felker said the security risks from reservists themselves are probably small. "It depends what kind of access you give them. Some of those [cyber ] tools don't go outside unless it's under very controlled conditions," he said.
However, even if the U.S. does get a Cyber Reserve up and running within a year, it will still be late to the party. Steve Elwart, writing in WND,noted that Estonia has a "white-hat hacker organization" that support's the country's National Guard; that the U.K. is developing a program; and that China is, "actively recruiting a vast [cyber ] army of up to one-half billion soldiers."
Read more about malware/cyber crime in CSOonline's Malware/cyber crime section.