Heated debate over stalled cybersecurity bill pits pro-defense Democrats vs. hands-off Republicans

03.08.2012

Having voluntary standards for security simply isn't sufficient, Baker warns. But he acknowledges any type of new standards related to network security and audits "could be expensive." The North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection standards in place today simply aren't enough, he says. Baker has been an advocate of in-depth government-based auditing over networks providing critical electric supply, noting that a number of countries in Asia, including China, follow this practice.

Baker says the need for this kind of government oversight for vital infrastructure may eventually be "learned the hard way" when cyberattacks one day take down the grid or disrupt other critical resources the public takes for granted. But instead of lengthy debate and compromise over cybersecurity legislation, the ensuing panic in a crisis might result in extreme legislation that becomes law.

Industrial control systems (ICS) increasingly involve components that include -based and other network products familiar to enterprise IT shops, and updating ICS-based networks is difficult, companies have admitted, as they did at the recent organized by DHS in May in Savannah, Ga. And of course, the covert U.S. and Israeli attack by means of the Stuxnet weaponized malware two years ago against the Siemens control systems in an Iranian plant suspected of developing a nuclear weapon has become a clear sign that cyberattacks are real.

One of the problems is that companies are simply in denial about cyberattacks, Baker says. "We have to persuade companies that own the infrastructure that they really are at risk of attacks from adversaries that have names and addresses," he says. He adds the intelligence community should be stepping up to "do a better job" to share information about .

Stewart says the is so concerned about the potential for cyberattacks that if the cybersecurity bill fails this time around, he wouldn't be surprised if President Obama might look for the authority to issue an executive order to strengthen the government's hand in regulating critical infrastructure.