The threats of train derailment, contaminated water supplies, a crippled power grid and other infrastructure nightmares in the United States loom on the horizon, Defense Secretary Leon Panetta said yesterday (Oct. 11).
In what he described as a "cyber-Pearl Harbor," Panetta said the recent attacks against the websites of major U.S. banks were further evidence that the nation is becoming increasingly vulnerable to crippling attacks delivered digitally.
The secretary said he fears that similar instances, such as August's Shamoon attack that destroyed 30,000 computers at an oil company in Saudi Arabia, could occur at home.
"Imagine the impact an attack like this would have on your company," he said. "While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented."
Panetta's speech at the Intrepid Sea, Air and Space Museum in New York comes after Democratic senators failed to muster the 60 votes required to defeat a proposed Republican filibuster against the Cybersecurity Act of 2012.
Under that legislation, operators of private-sector infrastructure deemed critical would have to adopt a set of standards established, in part, by the government.
The proposed order could affect energy, water, transportation operations or any other systems that, if compromised, could result in catastrophic death or damage.
Panetta reprimanded Congress for failing to pass the legislation, which was sponsored by Sen. Joe Lieberman, I-Conn., and strongly backed by the White House.
"If we detect an imminent threat of attack that will cause significant physical destruction in the United States, or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president," Panetta said. "The fact is, that to fully provide the necessary protection in our democracy, cybersecurity [legislation] must be passed by the Congress."
In spite of his dire warning, Panetta said the U.S. had made "significant advances" in detecting the origins of cyberattacks.
"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.
Panetta blamed Iran for the Shamoon attack on the Saudi computers. Lieberman has blamed Iran for the attacks on American banking websites.
Both accusations may be premature. There is more evidence that the U.S. and Israel have attacked Iran with cyberweapons at least twice in the past five years, first with the Flame spyware and then with the Stuxnet worm that sabotaged an Iranian uranium-processing facility.
Follow Ben on Twitter.