Secrecy Impedes Development of Safeguards
By Bradley Graham
Washington Post Staff Writer
Saturday, February 28, 1998; Page A6
Every two months, government officials and executives from 20 telecommunications companies meet in a secure facility to grapple with one of the Pentagon's most harrowing attack scenarios: an electronic assault on U.S. computer networks and communication lines that could paralyze the country.

But after dozens of classified sessions designed to share reports about threats to the nation's phone and data networks, participants still eye each other warily. Business members disclose only a fraction of the computer intrusions against their firms and often months after the events. Public officials rarely discuss investigations into penetrations of government networks or sensitive intelligence about potential assaults.

The lack of cooperation between the government and private industry has undercut development of a common defense against what security experts have labeled "information warfare." Even in the wake of a penetration of military computers earlier this month that Defense and Justice Department investigators call the most extensive on record, officials were at a loss about whether the electronic attack was limited to government facilities or might have also affected privately operated networks.

"Our suspicion is, it's wider than just us," Deputy Defense Secretary John J. Hamre said when asked if the hackers had singled out the Pentagon. "But we don't know. There's no reason for an insurance company in Iowa to call the Department of Defense and say we've just had our computer hacked into.

"Most likely the next electronic Pearl Harbor that people talk about is not going to be on military assets directly," he said. "It's more likely to be on civilian assets. And what's the mechanism where they're going to call and tell us that we've had this problem?"

Yesterday, Attorney General Janet Reno announced the creation of a center for detecting and responding to electronic and physical threats to critical government and business operations. She said the new center would greatly expand on the FBI's computer crime office by including representatives from the Pentagon, CIA and other government agencies and members from the private sector. It also will seek ties with private computer security centers, such as those run by universities.

Last fall, a presidential commission concluded that the government was poorly organized to deal with the cyber threat and inadequately linked with private firms that are themselves a major target and have resources and expertise to combat the problem.

In cyberspace, the lines between military and commercial targets can be blurred. Services such as telephones, electric power, airplane travel and financial transactions have become dependent on interconnected computer networks that also are used by the Defense Department. About 95 percent of Pentagon communications, for instance, take place over commercial systems. A commitment by Defense Secretary William S. Cohen to make all the Pentagon's contracting for major weapons systems paperless by 2000 promises to deepen this dependence.

Defense officials say that an enemy country or terrorist group could conceivably penetrate these electronic networks and wreak havoc. For instance, using computer viruses, hidden codes, data-destroying software programs or other electronic mechanisms, cyber warriors might attempt to overload telephone lines, disrupt air traffic control centers, halt the operations of electric power grids or sabotage railroad switching facilities. They also could scramble the software used by banks, hospitals and emergency services or shut down stock trading by breaking into the system of an Internet service provider that routes electronic messages to the New York Stock Exchange. Any of these actions could pose a grave national security risk if timed, for example, to interfere with a major deployment of U.S. troops or some other emergency.
The vulnerability of several hundred unclassified computer networks was demonstrated in a military exercise called "Eligible Receiver" run by the Pentagon's Joint Staff last summer. The scenario showed hackers able to penetrate some Defense Department computers, disrupting operations at certain military bases. The exercise also simulated intrusions into electric power company networks, making outages appear random and unrelated.

Simply getting firms to be on the lookout for the computer anomalies that could signal the beginning of a national security disaster poses a hurdle, specialists say.

"Part of the problem is, people don't realize what they should be reporting," said Jamie Gorelick, who left the Justice Department's number two job last year to become vice chairman of the Federal National Mortgage Association and now co-chairs a presidential advisory committee on protecting critical U.S. infrastructures. "When sensitive systems have been tested by trying to mimic an attack, people who saw evidence that such an incursion was underway ignored it, thinking it was something more benign and routine. The typical reaction was to reboot rather than think there's any kind of intrusion."

While many companies have taken elaborate steps to secure their computer systems, their goal has been to prevent economic losses rather than to identify other malicious intrusions. This has made some firms adept at spotting hackers aiming to siphon funds from financial accounts or steal trade secrets. But even the operators of major networks responsible for such critical services as phone connections and electric power acknowledge being less focused on the threat from intruders intent on shutting down phone service or sabotaging electric utilities.

"We've looked at any losses incurred as a result of cyber intrusions as a business expense, and they've generally posed little threat to our businesses," said Ernest L. Wallace, an executive for the telecommunications firm Comsat who has worked closely with the government on security issues. "Now, we're being asked to look at the national security implications. That's a broader national level requirement but not an industry requirement."

Because U.S. intelligence agencies predict that it will still be years before potential adversaries have the methods to trigger major disruptions in U.S. electronic networks, some telecommunications executives have questioned the urgency of the threat. Although reports abound of computer hackers successfully penetrating supposedly secure government and business networks, administration officials with access to intelligence reports say they know of no electronic attack that has posed a serious threat to national security.

"We need some concrete evidence there's a nuclear attack coming in cyberspace," said Lowell Thomas, who represents GTE in a joint government-industry telecommunications working group. "I've seen the latest national intelligence estimate, and I didn't see anything in there that will jar us into spending millions and millions of dollars to improve security.

"I'm a businessman, and I'm saying, show me what we're doing that isn't up to standards. We feel we're very secure," he added.

Military and intelligence officials disagree. Citing America's growing dependence on computer networks, the spread of information about hacker techniques and the increasing sophistication of intruders, they say that U.S. networks are increasingly vulnerable.

"The defenses that served us so well in the past offer little protection from the cyber threat," the presidential commission concluded last fall. "Our infrastructures can now be struck directly by a variety of malicious tools."
As a measure of how reluctant companies have been to volunteer reports of intrusions, national surveys by the FBI and a private computer center found that only about one in six organizations victimized by computer hackers in 1996 and 1997 advised law enforcement authorities of the incidents.

Industry representatives said they worry about the effect of disclosing an intrusion on public confidence in their businesses. They fear that competitors will take advantage of any reported incident of weakness or system failure. And they fret that disclosure will invite burdensome federal regulations or criminal investigations, constraining their businesses.

Many also say they have little trust in government promises of confidentiality. In the government-industry telecommunications group, the fact that shared reports hide company names and the locations of incidents still has failed to make participants totally forthcoming.

In conceiving the new center unveiled by Reno yesterday, officials looked to several other public-private collaboration efforts as models. These include the National Security Telecommunications Advisory Committee and the National Coordinating Center, both of which were established after the breakup of the AT&T monopoly in the early 1980s to ensure government agencies quick access to phone lines during emergencies and coordinate national disaster recovery efforts.

Another model cited by officials is the network of Centers for Disease Control and Prevention, which gathers information from private medical sources and looks for national patterns of illness or drug reactions.

Because of the vast economic areas potentially affected by unwanted computer intrusions, some administration officials also have advocated setting up a series of independent information sharing and analysis centers around the country, which perhaps could be linked to defense labs or universities.
A draft presidential directive that would authorize other collaborative efforts beyond the new FBI-run center calls on the government to encourage the formation of such private sector monitoring operations, according to officials familiar with the unpublicized directive.

Still, some administration officials caution that better tracking of intrusions is only a stopgap measure. An effective national defense will require securing U.S. networks against attack in the first place.

"Otherwise, what you're doing is like setting up a neighborhood warning center so people can tell each other when their houses are burglarized, but they aren't going to lock their doors or vote for a police department in their little town," said Jan Lodal, a senior defense official.

Hoping to encourage development of more secure Internet communications, the Pentagon recently decided to require encryption of all defense business transactions using a novel "public key" decoding technology that has yet to be tried on a large scale. This approach involves creation of computerized keys that can unlock encoded communications; the keys can be deposited with third parties for safekeeping. By paying industry to develop the technology for Pentagon use, defense officials expect to create a market for it that eventually can widen to encompass much Internet business.

The broad issue of encryption is controversial, with the FBI pressing for curbs on indecipherable codes. The topic has created rifts in both the administration and Congress, pitting law enforcement advocates against civil libertarians opposing infringements on free speech. Defense officials view their initiative as pointing the way to a possible compromise under which encryption and key recovery systems would be mandated for large, critical Internet users.

"We're not going to pick sides between factions, but we're marching right into the middle to try to create a consensus approach to this problem," Hamre said in an interview. "Our approach is to create over time the demand that will gradually produce the security infrastructure around these communications systems."
Staff writer Rajiv Chandrasekaran contributed to this report.
© Copyright 1998 The Washington Post Company