recommended reading

Panetta: Intruders ‘successfully gained access’ to critical control systems

Virginia Mayo/AP

Defense Secretary Leon Panetta late Thursday said outsiders are known to have breached the computers that control U.S. chemical, electricity or water utilities. And he announced the Pentagon is finalizing the most comprehensive changes to its offensive rules of engagement in cyberspace to protect civilian networks, for the first time in seven years.

The comments marked a rare occasion in which government officials have confirmed that adversaries are not just probing critical infrastructure systems but penetrating those machines’ safeguards. Panetta, who was addressing business executives in New York City, also disclosed that the severity of recent disruptions to U.S financial services websites and a Saudi oil company is unparalleled.

“We know that foreign cyber actors are probing America’s critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country. We know of specific instances where intruders have successfully gained access to these control systems,” Panetta said.

U.S. cybersecurity is the responsibility of the Homeland Security Department, with the Pentagon and the FBI playing supporting roles to protect civilian systems. To further that support, “the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace,” Panetta said. “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests.”

He added that the new rules of engagement “will make clear that the department has a responsibility not only to defend DoD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace.”

Panetta sits on the more provocative side of a debate over the ability of aggressors to wage network attacks that could cripple American society. While most experts agree that terrorist groups and enemy states may be trying to buy or build such capabilities, they are divided over the imminent risk of a cyber assault “that could be the equivalent of Pearl Harbor,” to quote Panetta’s oft-used axiom.

Panetta on Thursday again depicted images of simultaneous cyberattacks that derail trains loaded with lethal chemicals, contaminate the water supply in major cities, and degrade critical military systems -- combined with a physical attack -- that could culminate in a “cyber Pearl Harbor.”

It is clear that bad actors currently are able to engineer malicious software that steals substantial monetary funds, intellectual property and national security secrets. Disruptive malware that destroys electronics and software already is emerging.

Panetta pointed to an August strike on internal network services at Saudi Aramco, the Saudi Arabian state oil company, that corrupted 30,000 employee workstations.

The so-called Shamoon virus “replaced crucial system files with an image of a burning U.S. flag. It also put additional garbage data that overwrote all the real data on the machine,” Panetta said. “The Shamoon virus was probably the most destructive attack that the private sector has seen to date.”

Aramco’s computers have since been cleaned of the malware and restored to service, the firm stated in late August. None of the company’s oil and gas operations were affected by the infection, according to Aramco officials.

More recently, a string of computer incidents temporarily disabled customer sites at major U.S. banks, including Capital One and SunTrust Banks. An activist group calling itself “Cyber fighters of Izz ad-din Al qassam” took credit for planning floods of network traffic to paralyze the sites’ servers, known as denial of service attacks.

On Thursday, Panetta said, “While this kind of tactic isn’t new, the scale and speed was unprecedented,” adding that the online bank disturbances and the Saudi Arabia hit “mark a significant escalation of the cyber threat.”

The Pentagon -- with a $3 billion purse -- is continuing to increase key investments in cybersecurity even in times of fiscal constraint. “Our most important investment is in the skilled cyber warriors needed to conduct operations in cyberspace,” Panetta said. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.