Defense Secretary Panetta Sees a 'Pre-9/11 Moment' for Cyber Security

By Matt Egan
Published October 12, 2012
FOXBusiness




Against the backdrop of a slew of recent cyber attacks against U.S. banks, Defense Secretary Leon Panetta this week warned about the cyber threat and said the U.S. may need to aggressively hit back at cyber evildoers.

The comments marked some of the clearest remarks by Panetta about the evolving and rising cyber threat, which has been on full display in recent months through a high-profile attack on Saudi Arabia’s state oil company and recent ones on U.S. banks like Bank of America (BAC) and Wells Fargo (WFC).

“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” Panetta said in a speech to the Business Executives for National Security meeting in New York on Thursday. “Such a destructive cyber terrorist attack could paralyze the nation.”

While he didn’t call out Iran for a specific role in any recent attack, previous reports indicate some U.S. officials blame Iran for the bank attacks and cyber security experts see Iranian fingerprints on the Saudi Aramco intrusion.

“It's no secret that Russia and China have advanced cyber capabilities. Iran has also undertaken a concerted effort to use cyberspace to its advantage,” Panetta said.

Panetta spoke out about the potential need for the U.S. to retaliate or deter a future cyber attack.

“In the past, we have done so through operations on land and at sea, in the skies and in space. In this new century, the United States military must help defend the nation in cyberspace as well,” he said.

Panetta warned that “this is a pre-9/11 moment” and said “the attackers are plotting.”

The Defense Secretary also appeared to declassify some new information, warning that intruders infiltrated computer control systems that “operate chemical, electricity and water plants and those that guide transportation throughout the country.” It’s not clear who was behind this attack.

Panetta expressed concern that an “aggressor nation or extremist group” could deploy cyber weapons to derail passenger trains, contaminate the water supply, shut down the power grid or amplify a physical attack.

Panetta also specifically addressed the denial of service (DDoS) cyber attacks of recent weeks on major lenders like J.P. Morgan Chase (JPM) and U.S. Bancorp (USB).

“These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented,” he said.

Likewise, Panetta detailed the Shamoon virus that infected computers in Saudi Aramco, destroying about 30,000 systems. There was a similar attack on RasGas of Qatar, another major energy company in the region, just days later.

“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta said.

Panetta said the Department of Defense has developed the “world’s most sophisticated system” to detect cyber attacks but is also thinking about a response.

To prepare for this threat, Panetta said the DOD is developing new capabilities by investing $3 billion a year in cyber security because “we need to build and maintain the finest cyber force and operations.”

The DOD is also finalizing a major upgrade to its rules of engagement in cyber space and working toward building stronger partnerships, including with the private sector.

“The private sector, government, military, our allies -- all share the same global infrastructure and we all share the responsibility to protect it,” Panetta said.

The Defense secretary called on Congress to pass cyber legislation in order to ensure that information sharing is “timely and comprehensive.” He said the legislation should be like the stalled bipartisan bill co-sponsored by U.S. Sens. Joseph Lieberman and Diane Feinstein.

Panetta: Cyber threat is pre 9/11 moment



U.S. Defense Secretary Leon Panetta
October 12th, 2012
03:00 AM ET

By Pam Benson

The United States must beef up its cyber defenses or suffer as it did on September 11, 2001 for failing to see the warning signs ahead of that devastating terrorist attack, the Secretary of Defense told a group of business leaders in New York Thursday night.

Calling it a “pre-9/11 moment,” Leon Panetta said he is particularly worried about a significant escalation of attacks.

In a speech aboard a decommissioned aircraft carrier, Panetta reminded the Business Executives for National Security about recent distributed denial of service attacks that hit a number of large U.S. financial institutions with unprecedented speed, disrupting services to customers.

And he pointed to a cyber virus known as Shamoon which infected the computers of major energy firms in Saudi Arabia and Qatar this past summer. More than 30-thousand computers were rendered useless by the attack on the Saudi state oil company ARAMCO. A similar incident occurred with Ras Gas of Qatar. Panetta said the attacks were probably the most devastating to ever hit the private sector.

The secretary did not say who is believed responsible for those attacks, but senior defense officials who briefed reporters on the speech, said the United States knows, however they would not divulge the suspect.

And he warned America's critical infrastructure - its electrical power grid, water plants and transportation systems - are threatened by foreign actors.

"We know of specific instances where intruders have successfully gained access to these control systems," Panetta said. "We also know they are seeking to create advanced tools to attack those systems and cause panic, destruction and even loss of life."

For its part, Panetta said the Defense Department is "aggressively ... putting in place measures to stop cyber attacks dead in their tracks." The steps he outlined included both defensive and offensive responses.

He cited efforts to stop malicious code before it infects systems and investments in forensics to help track down who is responsible.

But defense isn't the only answer. "If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the president," Panetta said.

Panetta also said the Defense Department is in the process of finalizing rules of engagement in cyberspace. In a telephone briefing with reports, a senior defense official would not provide any details about the proposed rules but did stress they involve what the response would be to a cyber attack on the United States "that would rise under international law to the level of armed attack."

Panetta's comments never used the word "offensive" and the senior defense officials who briefed reports about the speech under the condition of anonymity, were also reluctant to use the word. One official said it was important "to keep the maximum number of options on the table." Another official stressed the United States was prepared to take action if threatened, but added the Pentagon had previously acknowledged it has offensive cyber capabilities.

Cyber security is ultimately a team effort, and Panetta said the Defense Department was working closely with the State Department, the Department of Homeland Security, the FBI and others to protect the nation. He called on Congress to pass comprehensive cyber-security legislation now.

Over the summer, the Senate came up short when opponents of the Lieberman-Collins cyber bill blocked it from coming up for a final vote. A group of mostly Republican senators and the Chamber of Commerce opposed the bill because they believed it required too much of the private sector.

Panetta urged the business leaders to work with government to support stronger cyber defenses.

"We must share information between the government and the private sector about threats to cyberspace," Panetta said, adding everything would be done to protect civil liberties and privacy.