Industrial firms should have contingency measures for when cyberattacks happen, not just prevention plans, said Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency. "They're getting through. They will penetrate your network. You can make it harder. You can make it more expensive. You can make it more robust. But they're going to penetrate," he said.