US can trace cyberattacks, mount pre-emptive strikes, Panetta says
By CHRIS CARROLL | STARS AND STRIPES Published: October 11, 2012
WASHINGTON — The United States is in a “pre-9/11 moment,” Defense Secretary Leon Panetta said Thursday, citing the risk of crippling online attacks against public utilities, trains or chemical factories.
The Pentagon, he said, is in the final stages of preparing new rules of engagement that could be invoked if cyberweapons threaten the country.
The military now has the ability to trace an attack on a computer network back to its source as well as to mount pre-emptive operations when an impending assault is detected, Panetta declared Thursday in his first cyberpolicy speech, acknowledging advanced U.S. cyberoffensive capabilities — until now a secrecy-shrouded topic that officials have been loath to mention.
“Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America,” the defense secretary told the Business Executives for National Security Group aboard the decommissioned USS Intrepid aircraft carrier in New York. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”
Panetta did not specify whether a damaging computer network attack would prompt a reciprocal cyberstrike or an assault with conventional arms or other means. Responses to cybersecurity threats, he said, would follow accepted legal frameworks, including the law of armed conflict.
The United States has attributed thousands of minor cyberattacks to criminal gangs, foreign nations and individuals, a senior defense official said Thursday, speaking on condition of anonymity.
“Conventional wisdom about cyberspace right now is that it’s impossible to attribute attacks to any specific individual or nation state, [but] we have invested a lot in the [Defense] Department in developing that capability,” the official said. “And it has improved tremendously.”
China and Russia are frequently cited as the biggest challenges to American cybersecurity, with Iran and North Korea also developing capabilities. Terrorists are another growing concern. So far, most cyberintrusions have been aimed at harassment, theft or spying rather than destruction.
Panetta revealed that investigators have uncovered instances where online intruders gained access to control systems for chemical, water and electrical plants, as well as public transportation control software. Attacks on public utilities could spark the “cyber Pearl Harbor” that the defense secretary has often referred to.
He painted an explicit picture of how attacks could unfold.
“An aggressor nation or extremist group could use these kinds of cybertools to gain control of critical switches ... [and] derail passenger trains, or even more dangerous, trains loaded with lethal chemicals,” he said “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
The most damaging attacks could be multipronged operations that knock civil and military computer systems offline just as an adversary mounts a physical attack on the country.
The business community and the government, including the DOD, the Department of Homeland Security and the Department of Justice, must share information about threats and develop “baseline standards” for protecting critical private-sector infrastructure, Panetta said. Overseas allies, he said, also need to be in the loop.
“The private sector, government, military, our allies all share the same global infrastructure, and we all share the responsibility to protect it,” he said.
Panetta criticized a deadlocked Congress for failing to deliver legislation to codify a government-private industry collaboration to secure private-sector networks. Short of that, defense officials said earlier Thursday, Panetta would welcome an executive order that President Barack Obama has considered issuing to accomplish the same objectives.
“There is no substitute for comprehensive legislation, [but] we need to move as far as we can in the meantime,” Panetta said. “We have no choice because the threat we face, as I’ve said, is already here.”