Want CNET to notify you of price drops and the latest stories?

Pre-emptive cyberattack defense possible, Panetta warns

Defense Secretary Leon Panetta uses stark language to describe a "cyber-Pearl Harbor" that could cripple the nation's power grid, transportation system, financial networks, and government.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Leon Panetta
Defense Secretary Leon Panetta talks cybersecurity during the Business Executives for National Security meeting in New York today. DOD photo by Erin A. Kirk-Cuomo

The U.S. military has the ability to act pre-emptively when it detects an imminent cyberattack threat, Defense Secretary Leon Panetta said today.

During his first major policy speech on cybersecurity, Panetta echoed previous statements that the United States was facing the possibility of a "cyber-Pearl Harbor" perpetrated by foreign hackers, painting a grim portrait of the destructive power wielded by unnamed agents.

"A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," he said in prepared remarks during a speech at the Intrepid Sea, Air and Space Museum in New York. "Such a destructive cyber terrorist attack could paralyze the nation."

In unusually stark and dire language, Panetta warned that such attacks could cripple the nation's power grid, transportation system, financial networks, and government.

"An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," Panetta said. "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country."

To illustrate the threat, Panetta cited the Shamoon virus, which was blamed for a cyberattack on Saudi Arabian oil company Saudi Aramco and Qatar's natural gas firm Rasgas in mid-August.

"All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date," Panetta said. "More than 30,000 computers that it infected (at ARAMCO) were rendered useless, and had to be replaced."

Noting that adversaries will be less likely to mount an attack if the knew they could be traced, Panetta also boasted that the U.S. military has made "significant advances" in identifying the origins of a cyberattack.

"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.

However, Panetta said the government's significant investments in cyber forensics alone are not enough to prevent all cyberattacks.

"If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President," Panetta said. "For these kinds of scenarios, the Department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace."

Panetta, who is pushing for legislation that would require new standards at critical private-sector infrastructure facilities, blamed Congress for allowing the bipartisan Cybersecurity Act of 2012 to fall "victim to legislative and political gridlock."

"That is unacceptable to me, and it should be unacceptable to anyone concerned with safeguarding our national security," he said.