Many of the threats that the Cyber Intelligence Sharing and Protection Act, or CISPA, is meant to address concern cyber intrusions that expropriate U.S. firms' intellectual property. But supporters of the bill also note the mounting volume and severity of cyber attacks sponsored by unfriendly foreign governments.

"The threat of cyber warfare may be relatively new, but it is not small," said Rep. Patrick Meehan (R-Penn.), the chairman of the Homeland Security Committee's Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. "Iran has reportedly invested over $1 billion in developing its cyber capabilities."

Iranian officials have publicly blamed the West for orchestrating the attack in 2010 that saw the Stuxnet worm infiltrate one of the country's nuclear reactors. While Iran was on the receiving end of that attack, the witnesses at Thursday's hearing warned that the country's cyber experts could reverse engineer Stuxnet or other cyber weapons to deploy against critical infrastructure in the United States.

"I would make the argument that Iranian action against the United States through asymmetrical action is more rather than less likely," said Ilan Berman, a vice president at the American Foreign Policy Council. "Iran appears to be moving increasingly from defense to offense in terms of how it thinks about cyber space."

Lawmakers raised the concern that Stuxnet marked a fundamental shift in the threat landscape, that with that weapon, cyber warriors had "crossed the Rubicon" to achieve the capability to disrupt critical infrastructure systems such as the electrical grid or databases of electronic medical records. Stuxnet, the fear goes, provided a real demonstration of what had previously been an abstract concern.