US can trace cyberattacks, mount pre-emptive strikes, Panetta says

By CHRIS CARROLL

Stars and Stripes
Published: October 11, 2012

WASHINGTON — The U.S. military now has the ability to trace a cyberattack back to its source and mount pre-emptive operations when an impending assault is detected, Defense Secretary Leon Panetta declared Thursday.

In his first cyberpolicy speech, Panetta spoke in unprecedentedly stark language about potential military responses to cyberattacks that threaten national security.

The United States is now in a “pre-9/11 moment,” Panetta said, at risk of crippling online attacks against public utilities, trains or chemical factories. And the Pentagon, he said, is in the final stages of preparing new rules of engagement that could be invoked if cyberweapons threaten the country.


Defense alone won’t prevent attacks, Panetta said, seemingly acknowledging advanced U.S. cyber offensive capabilities — until now a secrecy-shrouded topic that officials have been loath to mention. “Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America,” the defense secretary told the Business Executives for National Security Group aboard the decommissioned USS Intrepid aircraft carrier in New York. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”

But Panetta did not clearly specify whether a damaging computer network attack would prompt a reciprocal cyberstrike or an assault with conventional arms or other means. Responses to cybersecurity threats, he said, would follow accepted legal frameworks, including the law of armed conflict.

The United States has already attributed thousands of minor cyberattacks to criminal gangs, foreign nations and individuals, a senior defense official said Thursday, speaking on condition of anonymity.

“Conventional wisdom about cyberspace right now is that it’s impossible to attribute attacks to any specific individual or nation-state, [but] we have invested a lot in the [Defense] Department in developing that capability,” the official said. “And it has improved tremendously.”

China and Russia are the nations frequently cited as the biggest challenges to American cyber security, with Iran and North Korea also developing their own capabilities. Terrorists, who could try to carry out a deadly attack that would make little strategic sense for a nation-state, are another growing concern.

Panetta revealed that investigators have uncovered instances where online intruders gained access to control systems for chemical, water and electrical plants, as well as public transportation control software. Attacks on public utilities could spark the “cyber Pearl Harbor” that the defense secretary has often referred to.

He painted an explicit picture of how attacks could unfold.

“An aggressor nation or extremist group could use these kinds of cybertools to gain control of critical switches… [and] derail passenger trains, or even more dangerous, trains loaded with lethal chemicals,” he said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

The most damaging attacks could be multi-pronged, combining a cyberattack that knocks civil and military computer systems offline with a physical attack on the country.

The business community and the government, including DOD, the Department of Homeland Security and the Department of Justice, must work together to share information about threats and develop “baseline standards” for protecting critical private-sector infrastructure from cyberattack, Panetta said. Overseas allies need to be in the loop as well, he said.

“The private sector, government, military, our allies all share the same global infrastructure – and we all share the responsibility to protect it,” he said.

Panetta criticized a deadlocked Congress for failing to deliver legislation that would codify a government-private industry collaboration to secure private-sector networks. Short of that, defense officials said earlier Thursday, Panetta would welcome an executive order President Barack Obama has considered issuing to accomplish the same objectives.

“There is no substitute for comprehensive legislation, [but] we need to move as far as we can in the meantime,” Panetta said. “We have no choice because the threat we face, as I’ve said, is already here.”

Twitter: @ChrisCarroll_