US threatens pre-emptive strike to stop cyber threats
The US military could act pre-emptively if it detects an imminent threat of cyber attack, according to Defence Secretary Leon Panetta.
In what was described by US officials as the first major policy speech on cyber security by a defence secretary, Panetta lamented under-investment by America’s private sector and political gridlock in Washington that had stymied cyber security legislation. He said a presidential executive order was being considered “while we wait for Congress to act.”
Addressing a gathering of business leaders in New York, Panetta warned that unnamed foreign actors were targeting computer control systems that operate chemical, electricity and water plants and those that guide transportation.
The fears are nothing new, but rolling out the big guns suggests an escalation of concerns.
“We know of specific instances where intruders have successfully gained access to these control systems. We also know that they are seeking to create advanced tools to attack these systems and cause panic, and destruction, and even the loss of life,” Panetta said.
Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America
Aggressors could derail passenger trains, contaminate the water supply or shut down the power grid in much of the country, he said.
Business sector slacking
According to Panetta, although awareness of the threat in America’s private sector had grown, “the reality is that too few companies have invested in even basic cyber security”.
To underscore the degree of concern, Panetta pointed to the August cyber attack on Saudi Arabian state oil company, ARAMCO, blamed on the “Shamoon” virus, and a similar one days later that struck Qatar’s natural gas firm, Rasgas.
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” he said.
Panetta called the “Shamoon” virus sophisticated and noted that in Saudi Arabia it replaced crucial system files with an image of a burning US flag.
“More than 30,000 computers that it infected (at ARAMCO) were rendered useless, and had to be replaced,” he said.
He also pointed to recent denial-of-service attacks on major US banks, which delayed or disrupted services on customer websites.
One US official, briefing reporters before the speech on condition of anonymity, said the United States knew who carried out the attacks cited in Panetta’s speech, but declined to disclose that information.
Watching the watchers
The US has long been concerned about cyber warfare capabilities in China, Russia and increasingly from Iran. But one problem has been the difficulty in knowing with certainty where a cyber attack hails from – making potential retaliation difficult.
Panetta said the US had made significant investments in cyber forensics to address that problem “and we are seeing returns on those investments.”
“Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America,” Panetta said, adding the Pentagon was finalising the most comprehensive change to the rules of engagement in cyberspace in seven years.
He said that the Department of Defence had a mission to defend the country and would be ready to respond to attacks – or even the emergence of a concrete threat. Such pre-emptive action would occur only under certain, dire scenarios, he said.
“If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us,” he said.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.