Cyberattacks have breached the Pentagon and sent businesses into bankruptcy. Still, it might take a cyberdisaster that causes damage on the scale of Hurricane Katrina in 2005 to get lawmakers to pass legislation aimed at shoring up the U.S.’s infrastructure.

The White House has proposed an executive order to address part of the problem, but Gen. Keith Alexander, the director of the National Security Agency and commander of U.S. Cyber Command, says that is not enough.

The Pentagon has a pilot program that will help private companies work with the government to help them protect their own information. But that program “doesn’t give us the ability to work with the Internet service providers and allow that to benefit the rest of the critical infrastructure and the rest of government,” Alexander said during an Oct. 1 panel discussion at the Woodrow Wilson Center in Washington. “That’s really what we need this legislation for.”

An executive order also would fail to address liability protections to shield companies from lawsuits over information-sharing that are needed to encourage tparticipation, says Susan Collins (Maine), the ranking Republican on the Senate Homeland Security Committee and a co-sponsor of cybersecurity legislation. “I think the executive order is a mistake,” Collins says. “I fear that it actually could lull people into a false sense of security that we’ve taken care of cybersecurity.”