Cyber attacks on infrastructure more critical, and damaging, says Panetta

Defense Secretary Leon Panetta

Electronic attacks on critical infrastructure are becoming more damaging and perilous, according to Defense Secretary Leon Panetta, who described a recent, cyber attack on Saudi oil company ARAMCO possibly backed by Iranian hackers.

In an Oct. 11 speech at the Business Executives for National Security meeting in New York aboard the USS Intrepid Museum, Panetta warned that the U.S. faces another catastrophic attack that could paralyze the nation.

In his speech, according to the Department of Defense’s Armed Forces Press Service, Panetta pointed to the distributed denial of service (DDoS) attacks that have plagued U.S. banks in recent weeks, as well a more serious attack on oil company facilities in Saudi Arabia, as more evidence the cyber threat is mounting.

The attack on Saudi Arabian state oil company ARAMCO was conducted with what the Defense Department said was a sophisticated virus called “Shamoon” that infected computers at the company.  “Shamoon included a routine called a ‘wiper,’ coded to self-execute,” said Panetta. “This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional ‘garbage’ data that overwrote all the real data on the machine. The more than 30,000 computers it infected were rendered useless, and had to be replaced.”

Panetta said a similar attack followed in Qatar. “All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” he said.

Panetta warned that U.S. enemies continue to target computer control systems that operate chemical, electricity and water plants, and guide transportation networks.

“We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction and even the loss of life,” he said.

“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,” he said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Panetta didn’t directly accuse Iran of backing the ARAMCO and Qatar attacks, but made it clear that DoD has dedicated millions to be able to track and respond to Cyber attack and is working to change the rules for Cyber engagement.

“Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests,” he said.

“If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President,” Panetta said. “For these kinds of scenarios, the Department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”

“Let me be clear that we will only do so to defend our nation, our interests, or our allies,” he said. “And we will only do so in a manner consistent with the policy principles and legal frameworks that the Department follows for other domains, including the law of armed conflict.”