recommended reading

Panetta: Intruders ‘successfully gained access’ to critical control systems

Virginia Mayo/AP

Defense Secretary Leon Panetta late Thursday said outsiders are known to have breached the computers that control U.S. chemical, electricity or water utilities. And he announced the Pentagon is finalizing the most comprehensive changes to its offensive rules of engagement in cyberspace to protect civilian networks, for the first time in seven years.

The comments marked a rare occasion in which government officials have confirmed that adversaries are not just probing critical infrastructure systems but penetrating those machines’ safeguards. Panetta, who was addressing business executives in New York City, also disclosed that the severity of recent disruptions to U.S financial services websites and a Saudi oil company is unparalleled.

“We know that foreign cyber actors are probing America’s critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country. We know of specific instances where intruders have successfully gained access to these control systems,” Panetta said.

U.S. cybersecurity is the responsibility of the Homeland Security Department, with the Pentagon and the FBI playing supporting roles to protect civilian systems. To further that support, “the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace,” Panetta said. “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests.”

He added that the new rules of engagement “will make clear that the department has a responsibility not only to defend DoD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace.”

Panetta sits on the more provocative side of a debate over the ability of aggressors to wage network attacks that could cripple American society. While most experts agree that terrorist groups and enemy states may be trying to buy or build such capabilities, they are divided over the imminent risk of a cyber assault “that could be the equivalent of Pearl Harbor,” to quote Panetta’s oft-used axiom.

Panetta on Thursday again depicted images of simultaneous cyberattacks that derail trains loaded with lethal chemicals, contaminate the water supply in major cities, and degrade critical military systems -- combined with a physical attack -- that could culminate in a “cyber Pearl Harbor.”

It is clear that bad actors currently are able to engineer malicious software that steals substantial monetary funds, intellectual property and national security secrets. Disruptive malware that destroys electronics and software already is emerging.

Panetta pointed to an August strike on internal network services at Saudi Aramco, the Saudi Arabian state oil company, that corrupted 30,000 employee workstations.

The so-called Shamoon virus “replaced crucial system files with an image of a burning U.S. flag. It also put additional garbage data that overwrote all the real data on the machine,” Panetta said. “The Shamoon virus was probably the most destructive attack that the private sector has seen to date.”

Aramco’s computers have since been cleaned of the malware and restored to service, the firm stated in late August. None of the company’s oil and gas operations were affected by the infection, according to Aramco officials.

More recently, a string of computer incidents temporarily disabled customer sites at major U.S. banks, including Capital One and SunTrust Banks. An activist group calling itself “Cyber fighters of Izz ad-din Al qassam” took credit for planning floods of network traffic to paralyze the sites’ servers, known as denial of service attacks.

On Thursday, Panetta said, “While this kind of tactic isn’t new, the scale and speed was unprecedented,” adding that the online bank disturbances and the Saudi Arabia hit “mark a significant escalation of the cyber threat.”

The Pentagon -- with a $3 billion purse -- is continuing to increase key investments in cybersecurity even in times of fiscal constraint. “Our most important investment is in the skilled cyber warriors needed to conduct operations in cyberspace,” Panetta said. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.