State Department coordinator for cyber issues, Christopher Painter, said the United States faced a host of potential threats in cyberspace from freelance hackers to militants and potentially rival states. Diplomacy and policy was only just beginning to catch up with technology, he said.
"It is clear that cyber security is now a policy imperative," he told Reuters late on Wednesday on the sidelines of a conference by the East-West Institute, a think tank.
"It goes across governance issues, economic issues, military issues. The best course of action is to engage with countries and have a free and frank discussion. We're just at the beginning of this."
Painter, appointed in April after working as senior director for cyber security policy at the White House, would not discuss recent security breaches nor say who he thought might be responsible. But it was clear issues needed to be addressed, he said.
Internet company Google said on Thursday suspected Chinese hackers had tried to steal the passwords of hundreds of Google email users including senior U.S. government officials, Chinese activists and journalists.
Chinese officials denied any government connection, saying that China was also a victim of hacking.
Defense giant Lockheed Martin and electronics firms Sony have also recently reported data theft, while security experts say many other companies have suffered similar attacks but have been unwilling to declare them publicly.
Painter, a senior member of the team that produced the White House's cyber security doctrine published last month, said the United States was worried about economic losses through information theft and more direct cyber attacks that may damage essential national systems such as power or air traffic control.
Washington has said that in the event of a devastating cyber attack that caused physical damage, it might retaliate using conventional military means.
"What the U.S. has said is that there are a number of ways in which you could respond to cyber attacks include economic measures and perhaps also military measures," he said, although he would not say what options might be available for data theft.
"The most important thing is to build international consensus ... It's not just China that we need to engage with. It is an important part of our agenda with every country."
Part of the problem, he said, was the difficulty of attributing cyber attacks reliably and quickly. That has led to some experts saying that any unintended escalation between states could potentially spark war.
"It gets talked about a lot and in fairness I think it is a risk," he said. "The way you deal with that is by establishing international norms and confidence building measures. There's still a long way to go."
"The way to make sure that never happens is to make sure that countries have close relationships and connections in place. I think those structures need to be improved and we are working on that."
(editing by Elizabeth Piper)
This story was corrected to fix garble in two quotes. Paragraph 4 should read “best course of action is to engage with countries and have a free and frank exchange of views” not “engage with countries that have...” And, paragraph 11 should read “what the U.S. has said is that there are a number of ways in which you could respond” not “what the U.S. has said is that the right number of ways..”