U.S. Defense Secretary Leon Panetta said the Pentagon and American intelligence agencies are seeing an increase in cyber threats that could become as devastating as the Sept. 11, 2001, attacks if they aren’t stopped.
“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” Panetta said last night. “Such a destructive cyber terrorist attack could paralyze the nation.”
The Defense Department is drafting new rules that will allow the military to defend U.S. “national interests” in addition to its own computer networks, Panetta said in prepared remarks delivered in New York on board the USS Intrepid, an aircraft carrier that’s now a museum.
Panetta offered the highest-level confirmation to date of recent cyber attacks on U.S. and international computer networks and faulted Congress for failing to pass comprehensive cybersecurity legislation this year. In the absence of such a law, President Barack Obama’s administration may issue an executive order, Panetta said.
Attackers “are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country,” he told the annual awards dinner of Business Executives for National Security, a non-profit group that applies business practices to national security.
“We know of specific instances where intruders have successfully gained access to these control systems,” Panetta said. “We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction, and even the loss of life.”
Contaminate Water
“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,” Panetta said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
In recent weeks, he said, some large U.S. financial institutions were hit by attacks that delayed or disrupted services on customer websites. While this tactic, called a Distributed Denial of Service attack, isn’t new, the scale and speed of the bank assaults, which continued this week, were unprecedented, he said.
Even more alarming, Panetta said, was an attack two months ago in which a sophisticated virus called Shamoon infected computers at the Saudi Arabian Oil Co., known as Saudi Aramco, and then Ras Gas of Qatar. More than 30,000 Aramco computers were rendered useless, and had to be replaced, he said.
‘Garbage Data’
“Shamoon included a routine called a ‘wiper,’ coded to self-execute,” he said. “This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional ‘garbage’ data that overwrote all the real data on the machine.”
Aramco said the attack had no significant impact on its administrative operations and that it had reinforced its network security systems, according to a statement posted on the company’swebsite last month.
Panetta discussed specific attacks whose details were declassified to allow public disclosure because cyber threats have become as serious as conventional and nuclear threats, a senior defense official said, speaking on the condition of anonymity to discuss internal deliberations.
The Defense Department is working on new rules that will clarify the Pentagon’s role in defending the country from cyber attacks without violating privacy laws and citizens’ rights, the official said.
Bloomberg has the full article
