Defense Secretary warns the government would tap new forensics abilities, and experts say the time is right to use new tech to strike first

It is not as though warnings of a “digital Pearl Harbor” are new. The concept goes back at least to 1991, when author and cyber terrorism expert Winn Schwartau called it “electronic Pearl Harbor.” Former counter-terrorism czar Richard A. Clarke mentioned it a dozen years ago.

Since then, the image has been invoked hundreds of times by political leaders, government officials and security experts. It even made its way into the Republican Party platform this year.

But it tends to get a bit more mainstream notice when the U.S. Secretary of Defense says it, as Leon Panetta did last week in a speech in New York to the Business Executives for National Security (BENS).

The results of cyberattacks by a hostile nation-state on critical infrastructure like transportation, water supply or the electric grid “could be a cyber Pearl Harbor — an attack that would cause physical destruction and the loss of life,” Panetta said. “In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”

Panetta also invoked the image of a cyberattack on the level of 9/11. “Before September 11, 2001, the warning signs were there. We weren’t organized. We weren’t ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment,” he said.

Joel Harding, a retired military intelligence officer and information operations expert, welcomed the speech, but said, “The problem is both government and industry have been saying exactly the same thing for years and it took the Secretary of Defense to speak on the matter for many to notice.”

Panetta has used that image before.
What was new this time was that, while he urged both the private and public sector to cooperate in blocking and defending against such attacks, he went beyond that.

He used some of the most aggressive language yet in the four years of the Obama administration to declare that if threatened by a catastrophic cyberattack, the U.S. would not only strike back hard, but might strike first, both for protection and deterrence.

“We won’t succeed in preventing a cyberattack through improved defenses alone,” he said. “If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us to defend this nation when directed by the president.”

For an administration generally critical of saber rattling, this was some serious cyber rattling. Jack Goldsmith, writing at the Lawfare blog, said, “[Panetta] makes plain that the [Department of Defense] has the capabilities and desire to engage in a preemptive attacks against imminent cyber threats.”

The Secretary said that is partially because Defense now believes it can do so accurately. One of the greatest dangers of retaliation after a cyberattack is that it has been so easy for the perpetrators to cover their tracks. They can make it look like it came from a country or organization that had nothing to do with it.

Panetta said, however: “The department has made significant advances in solving a problem that makes deterring cyber adversaries more complex: the difficulty of identifying the origins of that attack. Over the last two years, [Defense] has made significant investments in forensics to address this problem of attribution and we’re seeing the returns on that investment.”

The threats are increasingly serious, Panetta said.
He noted the Shamoon virus attack in August against the Saudi Arabian oil company Aramco that essentially destroyed 30,000 computers, and then a similar attack on RasGas, a liquefied natural gas producer in Qatar.

Panetta called the Shamoon attack “probably the most destructive attack that the private sector has seen to date,” and added that U.S. intelligence knows that “foreign cyber actors are probing America’s critical infrastructure networks.”

“They are targeting the computer control systems that operate chemical, electricity and water plants and those that guide transportation throughout this country,” he warned. “We also know that they are seeking to create advanced tools to attack these systems and cause panic and destruction and even the loss of life.”

The security community’s response to Panetta’s warnings is mostly positive. Goldsmith noted that Panetta did not say how good or fast the Defense Department is at attribution — only that it has improved, writing, “and he may to some unknown degree be puffing. Nonetheless, this is a potentially big deal for cyber deterrence.”

C. Robert Kline, founder and president of Kline Technical Consulting, welcomed the comments. “Our work has been focused on cyber offense — studying and tracking the large attackers, working with others to define, design, build, and field better ‘sentries’ on the one hand and better counterattack forces to destroy the attack,” he wrote in a blog post.

A cyber Pearl Harbor “is a real threat,” Kline wrote. “Even small groups, backed by a government bent on destruction or disruption (economic, property, spirit) of an enemy can do extraordinary damage.”

Harding said that “ascertaining attribution has improved significantly in the classified world.”

And Harding believes forensics abilities should be put to use. “The US needs to take offensive actions in cyberspace to stop pending cyber attacks, but more importantly, to send a statement,” he said. “Attack the U.S.
economy and we will defend ourselves.”

“If we have good indications before the attack that you are about to attack our economy, steal our intellectual property, attack our military, attack any part of our nation, we will not only stop you but we will also make you pay a price,” Harding said. “The days of the United States of America enduring withering attacks without striking back is over.”

There is general agreement that Panetta may have been sending a veiled warning to Iran, seen as eager to attack the U.S., since it blames both the U.S. and Israel for the Stuxnet worm that destroyed an estimated 1,000 centrifuges in Iran’s nuclear program.

But another perceived problem with confronting and even preempting an Iranian attack is public perception. “Even if our attribution skills are fast and accurate (which they won’t always be), any responsive cyberattack that has public effects must be accompanied by public evidence that the attack was warranted — something very hard to do when attribution is based on sophisticated and fragile intelligence tools,” Jack Goldsmith wrote. “To the extent [the U.S. government] cannot prove attribution publicly, its threats of a cyberattack are diminished.”

Harding has fewer reservations. “Every now and then we need to say ‘we just attacked you in cyberspace because you did this or are about to do that’. It’s using the carrot and stick, every now and then we need to use the stick and let them know we will use it when necessary,” he said.