Against the backdrop of a slew of recent cyber attacks against U.S. banks, Defense Secretary Leon Panetta this week warned about the cyber threat and said the U.S. may need to aggressively hit back at cyber evildoers.
The comments marked some of the clearest remarks by Panetta about the evolving and rising cyber threat, which has been on full display in recent months through a high-profile attack on Saudi Arabia’s state oil company and recent ones on U.S. banks like Bank of America (BAC) and Wells Fargo (WFC).
“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” Panetta said in a speech to the Business Executives for National Security meeting in New York on Thursday. “Such a destructive cyber terrorist attack could paralyze the nation.”
While he didn’t call out Iran for a specific role in any recent attack, previous reports indicate some U.S. officials blame Iran for the bank attacks and cyber security experts see Iranian fingerprints on the Saudi Aramco intrusion.
“It's no secret that Russia and China have advanced cyber capabilities. Iran has also undertaken a concerted effort to use cyberspace to its advantage,” Panetta said.
Panetta spoke out about the potential need for the U.S. to retaliate or deter a future cyber attack.
“In the past, we have done so through operations on land and at sea, in the skies and in space. In this new century, the United States military must help defend the nation in cyberspace as well,” he said.
Panetta warned that “this is a pre-9/11 moment” and said “the attackers are plotting.”
The Defense Secretary also appeared to declassify some new information, warning that intruders infiltrated computer control systems that “operate chemical, electricity and water plants and those that guide transportation throughout the country.” It’s not clear who was behind this attack.
Panetta expressed concern that an “aggressor nation or extremist group” could deploy cyber weapons to derail passenger trains, contaminate the water supply, shut down the power grid or amplify a physical attack.
“These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented,” he said.
Likewise, Panetta detailed the Shamoon virus that infected computers in Saudi Aramco, destroying about 30,000 systems. There was a similar attack on RasGas of Qatar, another major energy company in the region, just days later.
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta said.
Panetta said the Department of Defense has developed the “world’s most sophisticated system” to detect cyber attacks but is also thinking about a response.
To prepare for this threat, Panetta said the DOD is developing new capabilities by investing $3 billion a year in cyber security because “we need to build and maintain the finest cyber force and operations.”
The DOD is also finalizing a major upgrade to its rules of engagement in cyber space and working toward building stronger partnerships, including with the private sector.
“The private sector, government, military, our allies -- all share the same global infrastructure and we all share the responsibility to protect it,” Panetta said.
The Defense secretary called on Congress to pass cyber legislation in order to ensure that information sharing is “timely and comprehensive.” He said the legislation should be like the stalled bipartisan bill co-sponsored by U.S. Sens. Joseph Lieberman and Diane Feinstein.