Panetta Warns Attacks on Critical Infrastructure "Could Paralyze the Nation"

Anthony Freed
By | October 12, 2012

Posted in: Network Security Trends

Secretary of Defense Leon Panetta reiterated his concerns over vulnerabilities in systems governing the nation's critical infrastructure that could result in catastrophic events should those networks be targeted my malicious actors.

“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation,” Panetta warned. The statements were made during a speech delivered to the Business Executives for National Security meeting in held at the USS Intrepid Museum in New York Thursday.

Panetta pointed to the recent barrage of Distributed Denial of Service (DDoS) attacks American financial institutions over the last few weeks, as well as the malware attacks against oil and gas giant Saudi Aramco last August that utilized the Shamoon Trojan, as being examples of such destructive attacks.

“Shamoon included a routine called a ‘wiper,’ coded to self-execute. This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional ‘garbage’ data that overwrote all the real data on the machine. The more than 30,000 computers it infected were rendered useless, and had to be replaced... All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta explained.

The Defense chief went on to specifically discuss threats to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), such as those targeted in Iran's nuclear program by the Stuxnet virus, creating the potential for a “cyber Pearl Harbor."

“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country," Panetta said.

Stuxnet is a sophisticated designer-virus that infected systems which provided operations control for production networks, and is widely thought to have caused damage to equipment at Iran's uranium enrichment facilities.

Stuxnet was considered a game changer because the infection did not merely affect the targeted systems, but actually inflicted kinetic damage on the equipment those systems controlled, a consequence that had not previously been seen as far as malware attacks are concerned.

Panetta is concerned that this new generation of destructive malware, exemplified by Shamoon and Stuxnet, could produce “an attack that would cause physical destruction and loss of life, paralyze and shock the nation and create a profound new sense of vulnerability.”

The key to a strong cyber defense, Panetta says, is in the ability to prevent attacks of this magnitude through effective deterrence, and the ability to accurately attribute an attack to a specific actor is central to the strategy.

“Our cyber adversaries will be far less likely to hit us if they know we will be able to link them to the attack, or that their effort will fail against our strong defenses. The Department has made significant advances in solving a problem that makes deterring cyber adversaries more complex: the difficulty of identifying the origins of an attack... Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests,” Panetta insisted.

You May Also Be Interested In: