Foreign cyber-threats are “the modern day, 21st century nuclear weapons equivalent," Kerry said before the Senate Foreign Relations Committee. "We’re going to have to engage in cyber diplomacy and cyber negotiations and try to establish rules of the road that help us cope with this challenge."
“Every day while we sit here right now certain countries are attacking our systems,” he added. “They are trying to hack into classified information to various agencies of our government."
Kerry was responding to a question from Sen. Dick Durbin (D.-Ill.) who called the “war involving the invisible workings of computers…the most serious threat facing us today."
Kerry also mentioned state-sponsored cyber-war as a very real concern, noting that there “are some countries we are currently engaged with” which have a “very good understanding of this power and are pursuing it.”
He added, "It's threatening to our power grid, it's threatening to our communications and it's threatening to our capacity to respond, and there are people out there who know it.”
The focus on the cyber aspect of national security is becoming an increasingly loud drumbeat. Kerry’s comments echo the sentiments of US Defense Secretary Leon Panetta, who warned last fall that the US is in danger of a “cyber-Pearl Harbor” attack against critical infrastructure, like the power grid, the public water supply or even passenger trains. Unlike Kerry, Panetta named names, fingering China, Russia, Iran and militant groups as the biggest likely perpetrators of such an attack.
The comments also dovetail with the introduction by Senate Democrats of the Cybersecurity and American Cyber Competitiveness Act of 2013, recommending that a combined public-private consensus be built to address the growing volume of threats to national security.
The bill, sponsored by Sens. Jay Rockefeller (D-W.V.), Dianne Feinstein (D-Calif.) and Tom Carper (D-Del.), hopes to succeed where the 2012 Cyber Security Act failed, defeated by Republican filibuster after months of bipartisan discussions.
Absent a signed bill, the White House is expected to eventually enact some of the cybersecurity provisions outlined in the 2012 bill, using an executive order.