Panetta on cyber threats to the US: ‘ This is a pre-9/11 moment’

"DoD is already in an intense daily struggle against thousands of cyber actors"

From Leon Panetta, Department of Defense:  [T]he greater danger facing us in cyberspace goes beyond crime and it goes beyond harassment.  A cyber attack perpetrated by nation states are violent extremists groups could be as destructive as the terrorist attack on 9/11.   Such a destructive cyber-terrorist attack could virtually paralyze the nation.

Let me give you some examples of the kinds of attacks that we have already experienced.

In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called Distributed Denial of Service attacks.  These attacks delayed or disrupted services on customer websites.  While this kind of tactic isn’t new, the scale and speed with which it happened was unprecedented.

But even more alarming is an attack that happened two months ago when a very sophisticated virus called Shamoon infected computers in the Saudi Arabian State Oil Company Aramco.  Shamoon included a routine called a ‘wiper’, coded to self-execute.  This routine replaced crucial systems files with an image of a burning U.S. flag.  But it also put additional garbage data that overwrote all the real data on the machine.  More than 30,000 computers that it infected were rendered useless and had to be replaced.  It virtually destroyed 30,000 computers.

Then just days after this incident, there was a similar attack on RasGas of Qatar, a major energy company in the region.  All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date. . . .

The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country.  Attackers could also seek to disable or degrade critical military systems and communication networks.

The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.  In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability. 

As director of the CIA and now Secretary of Defense, I have understood that cyber attacks are every bit as real as the more well-known threats like terrorism, nuclear weapons proliferation and the turmoil that we see in the Middle East. . . .

We are acting aggressively to get ahead of this problem, putting in place measures to stop cyber attacks dead in their tracks.  We are doing this as part of a broad whole of government effort to confront cyber threats. . . .

DoD is investing more than $3 billion annually in cybersecurity because we have to retain that cutting edge capability in the field. . . .

Our most important investment is in skilled cyber warriors needed to conduct operations in cyberspace.

Just as DoD developed the world’s finest counterterrorism force over the past decade, we need to build and maintain the finest cyber force and operations.  We’re recruiting, we’re training, we’re retaining the best and the brightest in order to stay ahead of other nations.

It’s no secret that Russia and China have advanced cyber capabilities.  Iran has also undertaken a concerted effort to use cyberspace to its advantage.

Moreover, DoD is already in an intense daily struggle against thousands of cyber actors who probe the Defense Department’s networks, millions of time a day.  Throughout the innovative efforts of our cyber operators, we’ve been trying to enhance the department’s cyber-defense programs. . . .

As I’ve made clear, securing cyberspace is not the sole responsibility of the United States military or even the sole responsibility of the United States government.  The private sector, government, military, our allies – all share the same global infrastructure and we all share the responsibility to protect it. 

Therefore, we are deepening cooperation with our closest allies with the goal of sharing threat information, maximizing shared capabilities and determining malicious activities.  The president, the vice president, Secretary of State and I have made cyber a major topic of discussion in nearly all of our bilateral meetings with foreign counterparts. . . .

Before September 11, 2001, the warning signs were there.  We weren’t organized.  We weren’t ready and we suffered terribly for that lack of attention. 

We cannot let that happen again.  This is a pre-9/11 moment.

The attackers are plottingOur systems will never be impenetrable just like our physical defenses are not perfect, but more can be done to improve them.  We need Congress and we need all of you to help in that effort.

Excerpt from remarks by Secretary Leon Panetta on Cybersecurity to the Business Executives for National Security, New York City.   (photo: BBC)

Image: bbc%2010%2012%2012%20Panetta.jpg