Defense Secretary Leon Panetta issued what he said is a “clarion call” Thursday for Americans to wake up to the growing threat posed by cyber war.
“The whole point of this is that we simply don’t just sit back and wait for a goddamn crisis to happen,” Panetta told Time. “In this country we tend to do that, and that’s a concern.”
Panetta came to the nation’s financial hub – New York City – to issue his battle cry. The city is the brightest bulls-eye on the American target for foes wishing to cripple the U.S. economy with computerized “worms” and “malware” that can infect computer networks via the Internet or insider sabotage.
“It is the kind of capability that can basically take down a power grid, take down a water system, take down a transportation system, take down a financial system,” he told Time editors. “We are now in a world in which countries are developing the capability to engage in the kind of attacks that can virtually paralyze a country.”
Aware his alarmn might be drowned out by Thursday night’s vice presidential debate, Panetta stopped by the magazine’s midtown offices Thursday afternoon to detail his concerns to a Time editorial board gathering.
“Everybody knows what their iPhone can do, everybody knows what their computer can do, but I think there are too few people out there who understand the potential for the kind of attack that could cripple this country,” Panetta said. “The American people just have to be made aware of that.”
Panetta cited a series of “disruptive” attacks against U.S. companies, and detailed the far more serious so-called “Shamoon” virus attack on the Saudi Arabian state oil company, Aramco. That August strike wiped out 30,000 of the companies computers. It created the image of a U.S. flag in flames on the infected computers and “it basically burned [the computers] up,” Panetta said. It marked, he said, a significant escalation in cyber warfare.
In the hour-long session with the magazine’s editors, he also said:
– “We are facing the threat of a new arena in warfare that could be every bit as destructive as 9/11 — the American people need to know that. We can’t hide this from the American people any more than we should have hidden the terrorism-attack threat from the American people.”
– “The three potential adversaries out there that are developing the greatest capabilities are Russia, China, Iran.”
– “Out of a scale of 10, we’re probably 8 [in cyber-war skills. But potential foes] are moving up on the scale – probably the others are about a 3, somewhere in that vicinity, but they’re beginning to move up.”
– “I think we have to develop the ability to conduct counter-operations against a country we know, or anticipate, that they’re going to launch that kind of attack. So we have to have both defensive and offensive capabilities.”
Beyond merely shutting down enemy systems, the U.S. military is crafting a witch’s brew of stealth, manipulation and falsehoods designed to lure the enemy into believing he is in charge of his forces when, in fact, they have been secretly enlisted as allies of the U.S. military. The U.S. already has deployed a cyber-war offensive technology against Iran’s nuclear program, the New York Times has reported.
But the U.S. is also a target. Panetta said “potential aggressors” are probing for weaknesses in the nation’s cyber defenses. “They’re beginning to exploit transportation systems, power systems, energy systems,” he said. “Our concern is that in doing that kind of exploration, they’re doing it for purposes of determining how could they attack.”
The defense chief added that the Pentagon’s still-fuzzy rules of engagement for waging war in cyber space are being tightened, and will allow the Pentagon to defend other U.S. networks, in and out of government. But such technology isn’t cheap: major defense contractors see cyber defense as the next post-9/11 money pot – annual cyber spending is about $12 billion.
In his speech Thursday night before Business Executives for National Security from the hangar deck of the Intrepid Sea, Air and Space Museum, Panetta warned of cyber terrorists derailing U.S. passenger trains – as well as trains laden with lethal chemicals. He told Time’s editors that both Congress and U.S. businesses have been hesitant to pass legislation – and make the investments necessary – to defend the nation’s critical cyber infrastructure from attack. Part of the reason for speaking out, he said, is to generate public pressure on lawmakers to act.
That’s one reason President Obama designated October as National Cybersecurity Awareness Month. Private-sector companies wonder if the government is exaggerating the threat. They seem willing to wait for an “electronic Pearl Harbor” to justify the investments they would need to make to protect their info-infrastructure. But Panetta and others fear that could be too late.
“Government depends on these networks to defend this country,” Army General Keith Alexander, chief of U.S. Cyber Command, told the U.S. Chamber of Commerce Oct. 4. “And it depends on the power grid to operate. So we have a vested interest in making sure that that works.”
Panetta said his prior job – running the CIA – gave him a close-up look at the damage a cagey cyber-warrior could do to the U.S. “I can tell you from my old job, the level of expertise that I saw – and I don’t consider myself to be schooled in the art of knowing what the hell cyber systems [do] and how it all works –- I’m not close to being there — but I saw people that are extremely bright, extremely able,” he said
“They can develop the kind of malware that has tremendous potential to bring down systems very effectively,” Panetta continued, making clear the U.S. is exploring offensive cyber weapons. “Frankly, in my past capacity, having seen that potential — and now, as secretary of defense, I’m now beginning to see how that is beginning to get in to the arena of other countries that are saying: `Whoa, this has got some great potential.’”