David DeWalt, CEO of computer firm FireEye, said during a Center for Strategic and International Studies event on Tuesday that 95 percent of U.S. companies have their computer systems compromised daily and that China is responsible for 89 percent of cyber attacks.
DeWalt, NSA Deputy Director Chris Inglis, and 10 experts on cybersecurity taking part in two panels agreed that there need to be partnerships between nations, cooperation in the private sector, education for the public, and new policies and laws to establish consequences for attackers.
"The defense model today is completely broken," DeWalt said.
"There is a great disparity of what the offense and defense does," Inglis said. "We are strategically lacking, point focused, and not holistic or balanced. We need to actively defend networks."
James Mulvenon, lead China expert and vice president of Defense Group, said having a strong offense is not enough to stop attacks. He suggested tricking hackers into thinking that the information they are stealing is seeded with false data.
"We have to get the Chinese and these other adversaries off this idea that when they retrieve the data out it is pure," Mulvenon said.
Sowing deceit would cause the Chinese to respond with "circular firing squads on their end" and to move decision making on such operations to higher levels in the Communist government.
"Every ounce of bureaucratic energy they spend on finding that is an ounce they’re not spending intruding our networks," Mulvenon said.
One of the major threats is commercial espionage, said Shawn Henry, president of CrowdStrike Services and former FBI executive assistant director.
Stewart Baker, partner at Steptoe & Johnson LLP and former DHS first assistant secretary for policy, said the United States must commit to holding security violators accountable with threats that will "bring the pain."
He said the United States should treat hackers like terrorists by restricting and revoking visas and commercially blacklisting invaders.
"We need to take information and follow through," Baker said. "Tag information to trace back to [invaders] to say we know where they got the information."
Collectively, the experts on the panels said the public cannot afford to be naïve about cyber threats and that education is essential to stop attacks.
However, Henry said changing human behavior would not be enough because the United States has yet to experience serious damage from a cyber intrusion.
"Unfortunately, education won’t happen until we see real world impact," Henry said. "People are willing to take extra steps and measures to be more secure after they see a physical impact."