A major attack is coming, said Senator Susan Collins, a Maine Republican and cosponsor of a stalled in the Senate.

"We know it's only a matter of when, not whether, we have a catastrophic attack," she said at a Woodrow Wilson Center debate about cybersecurity. "My hope is this isn't a case where Congress does nothing until there is a catastrophic attack on our critical infrastructure and then, inevitably, we will overreact and that will make [civil liberties groups] very uncomfortable."

One major problem with cybersecurity efforts in the U.S. is that businesses being attacked often don't have a complete picture of the threats, said General Keith Alexander, commander of U.S. Cyber Command and director of the U.S. National Security Agency. Government agencies and businesses need better incentives to share information with each other, he said.

"The people who run the networks understand what's happening on their networks, given the information they have," Alexander said. "The problem is they don't have all the information. Government has some, they have some, academia has some, and we're not sharing."

Alexander has , the legislation introduced by Collins and three other senators earlier this year. The bill would create voluntary cybersecurity standards for U.S. businesses and would set up mechanisms for the government to share cyberthreat information with businesses and for businesses to share it with each other.