In the past 50 cyberattacks investigated by cybersecurity firm Mandiant, 48 of the victims didn't know they were compromised until an outside organization told them, said Kevin Mandia, Mandiant's CEO.
Coviello also called on Congress to give the NSA more power to stop cyberattacks on U.S. companies. The NSA has the expertise but it has limited authority to act inside the U.S., witnesses said.
There's a "lack of clarity" among the U.S. public about what resources the government should use to battle cyberattacks, Hayden added. "We have capabilities sitting on the sideline because we are not yet sure how to appropriately use them in this new domain," he said. "We, the American people, have not yet established the rules of the road for what it is we want the government to do in the cyberdomain, or what we will allow the government to do."
A huge, unresolved debate affecting cybersecurity is the right of privacy, Hayden added. "We don't have anything approaching a national consensus when it comes to what constitutes a reasonable expectation of privacy on the Internet," he said.
Sign up for CIO Asia eNewsletters.