Cyber-Threats: a Pre-9/11 Moment
By Tim Moran
Since 1982, BENS (Business Executives for National Security) has been supporting the U.S. government with best business-practice solutions to its most difficult national security problems. The group is nonpartisan, and, according to its site, aims to be "the primary channel through which senior American business leaders contribute special experience and talent to help build a more secure nation."
Recently, Department of Defense Secretary Leon Panetta was honored by BENS for his commitment to national security. In his remarks at the awards dinner, held at the Intrepid Sea, Air & Space Museum, in New York, Panetta urged business leaders to shore up their corporate cyber-defenses, offering a "three-pronged approach to defend the nation in cyber-space: Develop new capabilities; create policies and organizations to help execute against the plan; and build greater partnerships between industry and industrial partners."
What's interesting about Panetta's speech is the degree to which he believes the "cyber-threat" is becoming a real and present danger to U.S. businesses and the government. While acknowledging the damage that can be done by identity thieves and scammers, he explained that "the even greater danger facing us in cyber-space goes beyond crime and harassment. A cyber-attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber-terrorist attack could paralyze the nation."
Panetta then provided examples, which, according to some sources, was the first time a government official acknowledged these attacks. He said some U.S. financial institutions were hit recently by distributed denial of service attacks. While such attacks are not new, he said, "the scale and speed [of these] was unprecedented."
He went on to say: "But even more alarming is an attack that happened two months ago, when a sophisticated virus called "Shamoon" infected computers at the Saudi Arabian state oil company, ARAMCO. Shamoon included a routine called a 'wiper,' coded to self-execute. This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional 'garbage' data that overwrote all the real data on the machine."
More than 30,000 computers, he noted, were rendered useless and had to be replaced. He went on to say that there was a similar attack on Ras Gas of Qatar, a major energy company in the region. "All told," he said, "the Shamoon virus was probably the most destructive attack that the private sector has seen to date. Imagine the impact an attack like this would have on your company."
These attacks, he told the BENS audience, indicate a major escalation of the cyber-threat, and the worst is yet to come. He revealed that the government knows that "foreign cyber-actors are probing America's critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country.
“We know of specific instances where intruders have successfully gained access to these control systems. We also know they are seeking to create advanced tools to attack these systems, and cause panic, destruction and even the loss of life."
So, think about it: What chance would your company have against destructive and sophisticated attacks such as these? While I am not a security expert or geopolitical watchdog, it has always seemed to me that the Internet is where terrorists—of every stripe—will ultimately do the most damage to our country and others around the world.
While you are standing on the interminable security line at the airport with your pants falling down because your belt is in the tray on the conveyor … and your socks are picking up all sorts of debris from the dirty floor … and you are spread-eagled, hands above your head in the new whole-body imaging device … and you are worried that you have more than three ounces of shampoo in your bag, think about what Panetta is saying. Where is the real threat going to come from?
His closing: "Before September 11, 2001, the warning signs were there. We weren't organized. We weren't ready. And we suffered terribly for that. We cannot let that happen again. This is a pre-9/11 moment. The attackers are plotting. Our systems will never be impenetrable, just like our physical defenses are not perfect."
Sobering words indeed. And all I am doing is what they suggest: I saw something and said something.