The man who spearheaded the execution of terrorist mastermind Osama Bin-Laden gave a stark speech on the new form of threat facing business and people today: a cyber Pearl Harbor.
Panetta, who was on the board of directors of the New York Stock Exchange during the 9/11 attacks, called cybercrime the “very nexus of business and national security” He was speaking at the Business Executives for National Security (BENS) event in New York where he said the people and businesses have to “address a new domain” to secure peace and prosperity in the world of tomorrow.
“Cyberspace has fundamentally transformed the global economy. It’s transformed our way of life, providing two billion people across the world with instant access to information to communication, to economic opportunities. Cyberspace is the new frontier, full of possibilities to advance security and prosperity in the 21st century. And yet, with these possibilities, also come new perils and new dangers,” Panetta said.
He added that the Internet is open and highly accessible and while that would provide many benefits to businesses and people it also a new terrain for warfare.
“It is a battlefield of the future where adversaries can seek to do harm to our country, to our economy, and to our citizens. I know that when people think of cyber security today, they worry about hackers and criminals, who prowl the Internet, steal people’s identities, steal sensitive business information, and steal even national security secrets. Those threats are real and they exist today,” Panetta said.
But there is even a greater danger beyond the cyber crook. Cyber attacks can come from organized and resourceful nation states that harbor violent extremists groups. And, Panetta believes these groups could launch a cyber Pearl Harbor attack that could be as destructive as the terrorist attack on 9/11. What’s worse Panetta continued is that these cyber-terrorist attacks could virtually paralyze the nation.Panetta offered these two examples:
*Financial institutions hit with Distributed Denial of Service attacks.
*The Shamoon virus infected computers in the Saudi Arabian state oil company Aramco. The Shamoon wiper code replaced crucial systems files with an image of a burning U.S. flag. This virus virtually destroyed 30,000 computers.
“Imagine the impact of an attack like that would have on your company or your business,” he said.
During his time as U.S. Secretary of Defense, Panetta has seen these cyber attacks significant escalate, which led him to the conclusion that there will still be more destructive scenarios that could unfold such as targeting the computer control systems that operate chemical, electricity and water plants and those that guide transportation throughout this country.
“We know of specific instances where intruders have successfully gained access to these control systems. We also know that they are seeking to create advanced tools to attack these systems and cause panic and destruction and even the loss of life,” he added.
Panetta then went on to explain how a cyber Pearl Harbor could unfold. He said: “An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches. They could, for example, derail passenger trains or even more dangerous, derail trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shutdown the power grid across large parts of the country.”
These cyber attacks could also come in combination with a physical attack, the Secretary fears. “Attackers could also seek to disable or degrade critical military systems and communication networks. The collective result of these kinds of attacks could be a ‘cyber Pearl Harbor’. An attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”
He went as far to label cyber-terrorism equal to conventional terrorism, nuclear weapons proliferation and the turmoil in the Middle East.
Panetta did offer the crowd at the BENS event some good news. He said that the government is well aware of this potential cyber Pearl Harbor and has its collective eyes wide open. “We are a nation that, thank God, is on the cutting edge of this new technology. We are the best and we have to stay there,” he said.
Currently, the Department of Defense, in large part through the capabilities of the National Security Agency, has developed one of the world’s most sophisticated systems to detect cyber intruders and attackers. Panetta added that his department is acting aggressively to get ahead of this problem, putting in place measures to stop cyber attacks dead in their tracks. “We are doing this as part of a broad whole of government effort to confront cyber threats.”But these efforts will not mean a full-scale monitoring of U.S. citizens’ personal computers, Panetta assured the crowd. “We’re not interested in personal communication or in e-mails or in providing the day to day security of private and commercial networks. That is not our goal. That is not our job. That is not our mission. Our mission is to defend the nation. We defend. We deter, and if called upon, we take decisive action to protect our citizens. In the past, we have done so thorough operations on land and at sea, in the skies and in space. In this century, the United States military must help defend the nation in cyberspace as well.”
According to Panetta, if a foreign adversary attacked U.S. soil, the American people have every right to expect their national defense forces to respond. If a crippling cyber attack were launched against the U.S., the American people must be protected. And if the Commander in Chief orders a response, the Defense Department must be ready to obey that order and to act.
To ensure this Panetta said his department is focusing on three main tracks.
1. Developing new capabilities.
2. Putting in place the policies and organizations we need to execute our mission.
3. Building much more effective cooperation with industry and with our international partners. With these three focus areas; DoD is investing more than $3 billion annually in cyber-security. Over the last two years, DoD has also made significant investments in forensic. The department will also undertake a comprehensive change to its rules of engagement in cyberspace. Panetta admitted that this policy has not been update in the past seven years. The new rules will make clear that the department has a responsibility, not only to defend DoD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace. These new rules make the department more agile and provide us with the ability to confront major threats quickly, he said.
“Our most important investment is in skilled cyber warriors needed to conduct operations in cyberspace. Just as DoD developed the world’s finest counterterrorism force over the past decade, we need to build and maintain the finest cyber force and operations. We’re recruiting, we’re training, and we’re retaining the best and the brightest in order to stay ahead of other nations. It’s no secret that Russia and China have advanced cyber capabilities. Iran has also undertaken a concerted effort to use cyberspace to its advantage,” he said.
From a security software vendor perspective, Panetta said one of the goals is to work closer with the private sector companies that develop security solutions.
“We’ve made real progress in sharing information with the private sector. But very frankly, we need Congress to act to ensure that this sharing is timely and comprehensive. Companies should be able to share specific threat information with the government, without the prospect of lawsuits hanging over their head. And a key principle must be to protect the fundamental liberties and privacy in cyberspace that we are all duty bound to uphold,” he said.
In closing, Panetta said the warning signs for the 9/11 attacks were there. He added that the U.S. weren’t organized, nor where they ready and we suffered terribly for that lack of attention.
“We cannot let that happen again. This is a pre-9/11 moment. The attackers are plotting. Our systems will never be impenetrable just like our physical defenses are not perfect, but more can be done to improve them. We need Congress and we need all of you to help in that effort. I want you to know the Department of Defense is doing our part.”