Most of the new report’s observations focused on counterterrorism, the central focus of the 9/11 Commission. But in speaking with many of the nation’s most senior national-security leaders, we were struck that every one of these experts expressed concern about another issue: daily cyberattacks against the country’s most sensitive public and private computer networks.

A growing chorus of national-security experts describes the cyber realm as the battlefield of the future. American life is becoming evermore dependent on the Internet. At the same time, government and private computer networks in the U.S. are under relentless cyberattack. This is more than an academic concern—attacks in the digital world can inflict serious damage in the physical world. Hackers can threaten the control systems of critical facilities like dams, water-treatment plants and the power grid. A hacker able to remotely control a dam, pumping station or oil pipeline could unleash large-scale devastation. As terrorist organizations such as the Islamic State grow and become more sophisticated, the threat of cyberattack increases as well.

 

Getty Images

On a smaller scale, but equally unsettling, ordinary building systems like electronic door locks, elevators and video-surveillance cameras (today, present in many homes) are also vulnerable to penetration by hackers. Even life-sustaining medical devices, many of which contain embedded computer systems connected to the Internet, could be disabled by cyberattacks.

Others steal Americans’ sensitive personal information and sell it to organized crime rings. The theft of credit- and debit-card numbers from tens of millions of Target customers last year is the most prominent example, but this happens every day. Home Depot confirmed on Monday that it had been hit by a massive data breach.

Meanwhile, state-sponsored cyber intruders have stolen the plans to top-secret U.S. weapons systems, reducing America’s technological advantage and putting military personnel and the homeland at risk. For example, Chinese hackers have used cyber infiltration to gain access to plans for the F-35 Joint Strike Fighter, the Global Hawk surveillance drone and other advanced systems. State-sponsored hackers have also made off with reams of American companies’ intellectual property—business secrets worth hundreds of billions of dollars. Keith Alexander, the former National Security Agency director and retired Air Forcegeneral, has described the continued ransacking of American companies as “the greatest transfer of wealth in history.”

We are at war in the digital world. And yet, because this war lacks attention-grabbing explosions and body bags, the American people remain largely unaware of the danger. That needs to change. Only public attention can create the political momentum for needed reform.

There are a number of cyber-related legislative initiatives pending in Congress. One of the most promising is legislation in the House and Senate that would encourage companies to share information about cyberattacks with the government, so that national-security agencies can analyze the attacks and respond to them. The former 9/11 commissioners’ recent report endorsed such legislation, and it is an important first step. Given the dimension of the problem, however, a larger-scale effort is needed to elevate public awareness and get out in front of this rapidly changing threat. Simply put, the country needs a national cyber strategy, covering all aspects of the problem. This could be accomplished by taking two essential steps.

First, Congress should pass legislation creating a National Cyber Commission. The commission should be empowered to evaluate the cyber threat to the U.S., both to the government and private entities. It should also assess the capabilities that national-security agencies and the private sector possess today, and measure those capabilities against what will be needed as the threat grows. The commission should conduct its work as transparently as possible and should deliver unclassified findings and recommendations to Congress and the American people. The commission should be nonpartisan and should include experts in technology, law and national security.

Second, Congress should create a National Cyber Center, which would bring together government and private experts to ensure unity of effort on this crosscutting problem. The National Counterterrorism Center, created 10 years ago in response to a 9/11 Commission recommendation, is working well. At the NCTC, counterterrorism experts from federal, state and local law-enforcement agencies sit side-by-side, share terrorism-threat information and coordinate responses. There is no counterpart to this proven model for information-sharing in the cyber realm—a major gap in America’s cyber defenses.

In recent months, we have heard time and again from leading experts that the cyber threat is serious—and that the government is not doing enough. One lesson of the 9/11 story is that, as a nation, we didn’t awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.

Messrs. Kean and Hamilton served as chairman and vice chairman of the 9/11 Commission, respectively. They are co-chairmen of the Bipartisan Policy Center’s Homeland Security Project.