Battleland

Panetta Sounds Alarm on Cyber-War Threat

  • Share
  • Read Later
dod photo / Erin A. Kirk-Cuomo

Defense Secretary Leon Panetta warns of the threat of cyber attack Thursday night in New York City.

Defense Secretary Leon Panetta issued what he said is a “clarion call” Thursday for Americans to wake up to the growing threat posed by cyber war.

“The whole point of this is that we simply don’t just sit back and wait for a goddamn crisis to happen,” Panetta told Time. “In this country we tend to do that, and that’s a concern.”

Panetta came to the nation’s financial hub – New York City – to issue his battle cry. The city is the brightest bulls-eye on the American target for foes wishing to cripple the U.S. economy with computerized “worms” and “malware” that can infect computer networks via the Internet or insider sabotage.

“It is the kind of capability that can basically take down a power grid, take down a water system, take down a transportation system, take down a financial system,” he told Time editors. “We are now in a world in which countries are developing the capability to engage in the kind of attacks that can virtually paralyze a country.”

Aware his alarmn might be drowned out by Thursday night’s vice presidential debate, Panetta stopped by the magazine’s midtown offices Thursday afternoon to detail his concerns to a Time editorial board gathering.

“Everybody knows what their iPhone can do, everybody knows what their computer can do, but I think there are too few people out there who understand the potential for the kind of attack that could cripple this country,” Panetta said. “The American people just have to be made aware of that.”

Panetta cited a series of “disruptive” attacks against U.S. companies, and detailed the far more serious so-called “Shamoon” virus attack on the Saudi Arabian state oil company, Aramco. That August strike wiped out 30,000 of the companies computers. It created the image of a U.S. flag in flames on the infected computers and “it basically burned [the computers] up,” Panetta said. It marked, he said, a significant escalation in cyber warfare.

In the hour-long session with the magazine’s editors, he also said:

– “We are facing the threat of a new arena in warfare that could be every bit as destructive as 9/11 — the American people need to know that. We can’t hide this from the American people any more than we should have hidden the terrorism-attack threat from the American people.”

– “The three potential adversaries out there that are developing the greatest capabilities are Russia, China, Iran.”

– “Out of a scale of 10, we’re probably 8 [in cyber-war skills. But potential foes] are moving up on the scale – probably the others are about a 3, somewhere in that vicinity, but they’re beginning to move up.”

He also said the U.S. military is stepping up its offensive cyber war capability:

– “I think we have to develop the ability to conduct counter-operations against a country we know, or anticipate, that they’re going to launch that kind of attack. So we have to have both defensive and offensive capabilities.”

Beyond merely shutting down enemy systems, the U.S. military is crafting a witch’s brew of stealth, manipulation and falsehoods designed to lure the enemy into believing he is in charge of his forces when, in fact, they have been secretly enlisted as allies of the U.S. military. The U.S. already has deployed a cyber-war offensive technology against Iran’s nuclear program, the New York Times has reported.

But the U.S. is also a target. Panetta said “potential aggressors” are probing for weaknesses in the nation’s cyber defenses. “They’re beginning to exploit transportation systems, power systems, energy systems,” he said. “Our concern is that in doing that kind of exploration, they’re doing it for purposes of determining how could they attack.”

The defense chief added that the Pentagon’s still-fuzzy rules of engagement for waging war in cyber space are being tightened, and will allow the Pentagon to defend other U.S. networks, in and out of government. But such technology isn’t cheap: major defense contractors see cyber defense as the next post-9/11 money pot – annual cyber spending is about $12 billion.

In his speech Thursday night before Business Executives for National Security from the hangar deck of the Intrepid Sea, Air and Space Museum, Panetta warned of cyber terrorists derailing U.S. passenger trains – as well as trains laden with lethal chemicals. He told Time’s editors that both Congress and U.S. businesses have been hesitant to pass legislation – and make the investments necessary – to defend the nation’s critical cyber infrastructure from attack. Part of the reason for speaking out, he said, is to generate public pressure on lawmakers to act.

That’s one reason President Obama designated October as National Cybersecurity Awareness Month. Private-sector companies wonder if the government is exaggerating the threat. They seem willing to wait for an “electronic Pearl Harbor” to justify the investments they would need to make to protect their info-infrastructure. But Panetta and others fear that could be too late.

“Government depends on these networks to defend this country,” Army General Keith Alexander, chief of U.S. Cyber Command, told the U.S. Chamber of Commerce Oct. 4. “And it depends on the power grid to operate. So we have a vested interest in making sure that that works.”

Panetta said his prior job – running the CIA – gave him a close-up look at the damage a cagey cyber-warrior could do to the U.S. “I can tell you from my old job, the level of expertise that I saw – and I don’t consider myself to be schooled in the art of knowing what the hell cyber systems [do] and how it all works –- I’m not close to being there — but I saw people that are extremely bright, extremely able,” he said

“They can develop the kind of malware that has tremendous potential to bring down systems very effectively,” Panetta continued, making clear the U.S. is exploring offensive cyber weapons. “Frankly, in my past capacity, having seen that potential — and now, as secretary of defense, I’m now beginning to see how that is beginning to get in to the arena of other countries that are saying: `Whoa, this has got some great potential.’”

34 comments
James Beck
James Beck

You can only get to a computer through the Internet if it is ON the Internet.  No critical system should ever be exposed to an outside network.  Any engineering firm that has a power plant's control system exposed to the Internet should be fired, then sued.

PurpAv
PurpAv

Why mission critical aspects of water, power, transport, etc would even be connected to the Internet remains a mystery to me.   Its stupid and reckless

Physically isolated systems can't be hacked remotely.  If they need a remote connectivity, do it with callback modems that will only connect to a very specific set of phone numbers.

TJJackson1
TJJackson1

Wonder if Panetta is laying the ground work for why the economy collapses if Bo-rock loses...Just saying...

Sophia41
Sophia41

WHO are "THEY"? You need to be SPECIFIC!

If "THEY" are comitting crimes against American, then PUT "THEM" IN PRISON, or TAKE THEM FISHING!

Sophia41
Sophia41

Then ADDRESS POLICIES AIMED AT CRIMINAL LENIENCY!!!!

THIS is where the REAL PROBLEM EXISTS!!!

THOSE who ARE committing these crimes should be IN PRISON where they belong...the very fact that CRIMINALS have ACCESS to computers is BEYOND REASON! They are given EVERYTHING while law abiding citizens RIGHTS are STOLEN!

CRIMINAL LENIENCY and FAILURES by the FBI to hire TRULY ADEPT INVESTIGATORS, ABSENT OF CORRUPTION also contribute even GREATER DEMISE to our nation!

Solius Symbiosus
Solius Symbiosus

Rule of the Interwebs # 142: Caplock posts are indicative of unstable individuals.

Sophia41
Sophia41

I say that defence policy might need to include "specific extraction" policies, IF this is really the case!

If other actors are TRULY trying to destroy us, then the only way you will get the public support you need to FURTHER take away AMERICAN rights, is to PROVE IT TO US with REAL WORDS, NOT words like "potential aggressors" and "political agressors."

GIVE US HARD FACTS, and let US judge those facts! WE the PEOPLE want to know WHO IS THREATENING US!!!

Sophia41
Sophia41

How can we support policies when it is NOT BEING MADE CLEAR what policies ARE being pursued? Too many "policies" and politican agendae are requiring LAW ABIDING AMERICANS to GIVE UP their FREEDOM AND SECURITY, namely by a POLICY that ALLOWS illegal foreign CRIMINALS in here in the first place, many of whom are hell bent on destroying us! Talk about the need for a CLARION CALL for POLICY FAILURES!!! This is beyond "Maplandia."

We have many foreigners here who are NOT criminals, and they end up taking the brunt of this FAILED POLICY like the rest of us!

If the "agression" DOES EXIST, tells us about it, but don't CREATE FEAR unless you are afraid to reveal the President's REAL policy agenda!

Capitalist policies that ONCE PROTECTED and MADE THIS NATION GREAT are being replaced by socialist agendae that are DEGRADING OUR VALUE as a country...THAT is more threatening to our way of life and AMERICAN FREEDOM! These policies towards illegals and the FAILURES to FULLY INVESTIGATE THE BACKGROUNDS of those detrimental criminals like Atta and TEN RUSSIAN AGENTS you let in here ARE A BIGGER THREAT to this nation!

Sophia41
Sophia41

The CLARION CALL should be about FAILED POLICIES and SCAPEGOATING FACTS!

Increasing criminal elements and more violent crimes against completely innocent people, facilitated by judicial leniency, where it PROMOTES criminal activity, instead of deterring it.

Corruption at every level of police and government that is NOT being confronted, and the DISHONESTY towards the American people, failed investigations, etc.

I think Reza Kahlili made a CLARION CALL himself recently...what's that looming Nov. 6th "event" all about?

Sophia41
Sophia41

Leon...it's not JUST threats  from the OUTSIDE! You have INSIDERS who are hell bent at destroying us from within too, even our own citizens who don't agree with policies, but consider anarchy and/or corruption their "way out" of personal responsibility on Main St AND Wall St.!

The 1+% of anti-war activists and protestors on MAIN STREET sounded like some of them really WANTED to see the US weakened for their own socialist agenda, and that is just as scay as Russian students coming to the US and ringing the a Communist ALARM Bell on Capitalism that DOES provide jobs for Americans, and even for foreigners!

Sophia41
Sophia41

Who ARE the "political agressors" to whom Mr. Panetta is referring?

Sophia41
Sophia41

WHO ARE the "political agressors"? PLEASE enlighten us Leon!

Sophia41
Sophia41

WHO ARE the "political agressors"? PLEASE enlighten us Leon!

GW Field
GW Field

For those of you putting down your country and the sitting president you should be ashamed of yourselves.

PurpAv
PurpAv

 Yea, we should celebrate failure.

Sophia41
Sophia41

ASHAMED of the TRUTH?

Those who are LYING to promote socialist policies against LAW ABIDING AMERICANS should be MORE ashamed!

Solius Symbiosus
Solius Symbiosus

Perhaps, your caplock button got stuck? Maybe, one of those Teabaggers? Perhaps, something else? Do you know the definition of "socialism"? It includes veteran benefits, police services, and schools(and many others)... just so you know. Do you eliminate the those that protect us, and those that educate us? Curious, I am.

[em]EDIT: spelling[/em]

Paulo Sérgio Martins
Paulo Sérgio Martins

It's interesting that US companies have been reporting increasing breaches of their secure networks, on which they store the very information that secures their existence, and the best comments people can make is that the US is the usual warmonger.

DonQuixotic
DonQuixotic

We have had many, many breaches into our network security for years - typically stemming from China.  It is a real problem; why wage a costly war when you can dismantle your enemy's resources from the inside?

AfGuyReturns
AfGuyReturns

Lots of chips we use made over there, too.

Wonder what sort of "additional features" are included with those?

forgottenlord
forgottenlord

National Entities, while having very different objectives, have nothing on the organized crime groups that have been at the forefront of cyberwar issues since the Internet really took off.  Nearly every advancement in anti-virus work is because organized crime was able to be so effective.  The reality is that Leon Panetta's claims are going to fall on deaf ears (aside from, possibly, an argument that more needs to be done at the national and state government levels).  Most companies are very aware of security risks and a lot of energy and effort is devoted to studying and understanding security issues in all areas of the tech world.

The reality is that the lines of cyber-security are pretty much already drawn.  Those that are freaked out were freaked out by the work of organized crime already so they don't need further persuading   The people that absolutely ignored it when it was organized crime are going to ignore it just as much when it's foreign entities.  One needs to only look at the likes of Citibank (who had, by far, the biggest gap between importance of data and level of security provided ever exposed: anyone on the planet could get access to any Citibank customer and send their money wherever they wanted so long as they had access to a Citibank account) or Sony (whose PSN network breach was an extension of their arrogant belief that they can build DRM that will never be broken - a claim repeated over and over by many companies only to always be proven blindingly false) and see that the problem is with individual programmers or companies just not following industry practices on how to protect data.

On a side note, it has been demonstrated that modern concepts of password protection are just plain stupid.  See http://xkcd.com/936/

destor23
destor23

Seems like scare mongering to give the government even more power of surveillance and control over the Internet than it already has.  Where's the skepticism, Mark?

Arimathean
Arimathean

After Israel and the US used these types of attacks to cripple Iran's nuclear program (by using STUX-NET), it should be evident to anyone that these attacks are possible and increasingly probably.

pafaye
pafaye

Not so sure what the average American is suppose to do with this information except worry, perhaps. Is Panetta suggesting that we write our congressmen and ask them to throw money at something that is so removed from Joe Q. citizen he has no clue and nor does his congressman? Are we to insist that all our children major in Computer Science  just in case he or she might be the one to develop some deadly computer weapon? ......or, seeing the future better than we can, is he letting us know so that when the sh** hits the fan, he can say, "I told you so!"

ifthethunderdontgetya™³²®©
ifthethunderdontgetya™³²®©

As usual, the U.S. is the chief war-monger.

~

Solius Symbiosus
Solius Symbiosus

Iraq was a clusterfuck! Afghanistan is righteous justice to the murderous thugs that murdered 3000 people from 60 different countries. Why you like murderers?

LastWaltz
LastWaltz

Next SECDEF will be after bloggers on Battleland and Stars and Stripes.  Looks like a Trojan Horse for the average American human rights activists/advocates.

arvay
arvay

Well, Leon -- people like you started this. And Americans at large may pay for it, as others strike back. 

These are the whiny simperings of the big bully, now afraid that people he's shoved are going to bloody his nose. If there is a funny aspect to this, it will be the right-wing a-holes who rejoice when the US does stupid things like Stuxnet -- blocking any moves to protect our networks because it  will "over--regulate" business. 

smedleybutlersociety
smedleybutlersociety

Next up: Panetta sounds alarm on drone-war threat.

arvay
arvay

I know -- do these supposedly smart people think we can just strike people like this and not get blowback? I  mean the Iranians -- who have not attacked us. 

I don't have any problem with zapping someone like Osama bin Laden, who actually attacked us. 

But what we've done to Iran is pure aggression, and these are very smart and technically advanced people. Hizbollah has started flying Iranian drones, a gift of technology from us to them -- and they'll get better at it as time goes on. 

arvay
arvay

To PurpAv

The US overthrew their freely elected government and put in the Shah

open your American brain to some facts

PurpAv
PurpAv

 Iranian sponsored terrorists have murdered plenty of Americans over the years.  Open your eyes

Jason Druthers
Jason Druthers

If the United States government wants to be able to count on the goodwill of computer nerds to enlist their expertise to defend the government of the United States against foreign cyber attacks, it will have to stop prosecuting Hollywood's war against the information age against those same nerds. While the United States is busy trying to get Julian Assange arrested on trumped up charges in Sweden, and while they're using tax dollars to enforce the RIAA and MPAA's contractual agreements with their customers, that same United States is not going to get any sympathy from the domestic hacking community.

Awesomus
Awesomus

You made a typo 

"...Aware his alarmn might be drowned out by Thursday night’s vice presidential debate..." 

Also what does the scale of 1-10 in Panetta's quote " “Out of a scale of 10, we’re probably 8. [But potential foes] are moving up on the scale – probably the others are about a 3, somewhere in that vicinity, but they’re beginning to move up.”"