WASHINGTON, Oct. 11, 2012 – Defense Secretary Leon E. Panetta spelled out in detail the Defense Department’s responsibility in cybersecurity during a speech to the Business Executives for National Security meeting in New York, Oct. 11.
Panetta has stressed the importance of cybersecurity since taking office last year. In addition, the secretary has warned about a “cyber Pearl Harbor” many times, including during testimony before Congress.
The speech before BENS aboard the USS Intrepid Museum is the secretary’s clearest discussion to date of DOD’s responsibility in the cyber domain.
“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” he said in prepared remarks. “Such a destructive cyber terrorist attack could paralyze the nation.”
The secretary pointed to denial of service attacks that many large U.S. corporations have suffered in recent weeks, but also cited a more serious attack in Saudi Arabia. In that attack a sophisticated virus called “Shamoon” infected computers at the Saudi Arabian state oil company, ARAMCO.
“Shamoon included a routine called a ‘wiper,’ coded to self-execute,” he said. “This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional ‘garbage’ data that overwrote all the real data on the machine. The more than 30,000 computers it infected were rendered useless, and had to be replaced.”
There was a similar attack later in Qatar. “All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta said.
Enemies target computer control systems that operate chemical, electricity and water plants, and guide transportation networks.
“We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction and even the loss of life,” he said.
“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,” he said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
Cyber attacks could be part of a major attack against the United States, and this could mean the cyber Pearl Harbor the secretary fears. This is “an attack that would cause physical destruction and loss of life, paralyze and shock the nation and create a profound new sense of vulnerability,” he said.
DOD has a supporting role in cyber defense, he said. The Department of Homeland Security is the lead federal agency, with the FBI having the lead on law enforcement. Still, the overall DOD mission is to defend the United States.
“We defend. We deter. And if called upon, we take decisive action,” the secretary said. “In the past, we have done so through operations on land and at sea, in the skies and in space. In this new century, the United States military must help defend the nation in cyberspace as well.”
DOD has responsibility for defending its own networks, and can also help deter attacks. “Our cyber adversaries will be far less likely to hit us if they know we will be able to link them to the attack, or that their effort will fail against our strong defenses,” he said. “The Department has made significant advances in solving a problem that makes deterring cyber adversaries more complex: the difficulty of identifying the origins of an attack.”
DOD has improved its capability to track attacks to their point of origin. “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests,” he said.
But improved defenses will not stop all cyber attacks. “If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President,” Panetta said. “For these kinds of scenarios, the Department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.
“Let me be clear that we will only do so to defend our nation, our interests, or our allies,” he continued. “And we will only do so in a manner consistent with the policy principles and legal frameworks that the Department follows for other domains, including the law of armed conflict.”
For full story, visit defense.gov