According to Lawrence K. Gershwin, the CIA’s top adviser on science and technology issues, despite a major increase in intelligence efforts dedicated to computer security, attackers still develop new tools and techniques faster than the CIA can keep up.

Often, “we end up detecting it after it’s happened,” said Gershwin. “I don’t feel very good about our ability to anticipate.”

Gershwin told the Joint Economic Committee that foreign governments are the most potent threat to U.S. computers for the next five to 10 years, rather than terrorists or lone troublemakers.

So far, he said, individual hackers don’t have the skills or the motive to make a major attack against U.S. infrastructure like the telephone system or financial networks. And since terrorists want immediate and predictable results, they will stick with their current attacks for the foreseeable future.

“Terrorists really like to make sure that what they do works,” Gershwin said. “They do very nicely with explosions, so we think largely they’re working on that.”

Still, Gershwin warned that a terrorist organization could surprise intelligence officers and mount a cyber attack within the next six months.

The committee focused on the vulnerabilities faced because of the separation of the public and private sector. Even though the government uses commercial networks, and vice versa, there still is little information shared and attackers could exploit that split.

“When a commander at the Pentagon tries to call a commander in the field,” Sen. Robert Bennett, R-Utah, said, “he’s connecting with Verizon.”

Gershwin said that this reliance on private networks can mean that a foreign power could install a backdoor into government systems. “While we may be working with American companies on issues at some point, there are contracts and subcontracts,” Gershwin said. “It gets hard to tell who’s doing the work for you.”

There are some public-private collaborations, such as the FBI’s InfraGard program to get closer to tech companies and the federal Information Sharing Analysis Centers. But there is still much distrust, as companies don’t want to share their vulnerabilities with other firms or see them reported publicly, and the government holds back its secrets.

“I’d like to think we can work on that collaboration now,” said Rep. Adam Putnam, R-Fla., “rather than when there’s a crisis.”.