US threatens pre-emptive strike to stop cyber threats
Posted on 12 Oct 2012 at 10:01
The US military could act pre-emptively if it detects an imminent threat of cyber attack, according to Defence Secretary Leon Panetta.
In what was described by US officials as the first major policy speech on cyber security by a defence secretary, Panetta lamented under-investment by America's private sector and political gridlock in Washington that had stymied cyber security legislation. He said a presidential executive order was being considered "while we wait for Congress to act."
Addressing a gathering of business leaders in New York, Panetta warned that unnamed foreign actors were targeting computer control systems that operate chemical, electricity and water plants and those that guide transportation.
The fears are nothing new, but rolling out the big guns suggests an escalation of concerns.
"We know of specific instances where intruders have successfully gained access to these control systems. We also know that they are seeking to create advanced tools to attack these systems and cause panic, and destruction, and even the loss of life," Panetta said.
Aggressors could derail passenger trains, contaminate the water supply or shut down the power grid in much of the country, he said.
Business sector slacking
According to Panetta, although awareness of the threat in America's private sector had grown, "the reality is that too few companies have invested in even basic cyber security".
To underscore the degree of concern, Panetta pointed to the August cyber attack on Saudi Arabian state oil company, ARAMCO, blamed on the "Shamoon" virus, and a similar one days later that struck Qatar's natural gas firm, Rasgas.
"All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date," he said.
Panetta called the "Shamoon" virus sophisticated and noted that in Saudi Arabia it replaced crucial system files with an image of a burning US flag.
"More than 30,000 computers that it infected (at ARAMCO) were rendered useless, and had to be replaced," he said.
He also pointed to recent denial-of-service attacks on major US banks, which delayed or disrupted services on customer websites.
One US official, briefing reporters before the speech on condition of anonymity, said the United States knew who carried out the attacks cited in Panetta's speech, but declined to disclose that information.
Watching the watchers
The US has long been concerned about cyber warfare capabilities in China, Russia and increasingly from Iran. But one problem has been the difficulty in knowing with certainty where a cyber attack hails from - making potential retaliation difficult.
Panetta said the US had made significant investments in cyber forensics to address that problem "and we are seeing returns on those investments."
"Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America," Panetta said, adding the Pentagon was finalising the most comprehensive change to the rules of engagement in cyberspace in seven years.
He said that the Department of Defence had a mission to defend the country and would be ready to respond to attacks - or even the emergence of a concrete threat. Such pre-emptive action would occur only under certain, dire scenarios, he said.
"If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us," he said.
In my opinion, the Defence Secretary received information that exaggerates the threat of the Shamoon malware. According to Kaspersky, the Shamoon malware was the work of copycat amateur programmers. The malware is sophisticated in design, but the programmers were amateur enough not to test it thoroughly, resulting in the malware leaving behind information for companies like Kaspersky to find.
It is over-reacting when it is stated that Saudi Aramco needed to replace all 30,000 computers. I would imagine what is meant here is that 30,000 new hard disks were bought. Obviously they didn't have tools that completely wipe all areas of a hard disk (or maybe not the time to use such tools; maybe it was cheaper to dump the hard disks in favour of new ones?). I am not talking about multi-pass free-space wipers, but wiping/repairing key areas such as the MBR, boot sector and BCD (of a Windows PC).
They could have used the Bootrec.exe tool to repair these areas back to a clean state or used the diskpart clean command to return the disk to a completely blank state with none of the above critical boot components remaining. They could then restore from a backup image over the blank hard disk and be back to normal.
My point to including all of the above is that the threat and the damage caused is exaggerated.
By Jimbo762 on 12 Oct 2012
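The clean-up the comment above describes, written out as an added example (it is not the commenter's own script and not from the original article). It assumes the machine has been booted into the Windows Recovery Environment command prompt, that the system disk is disk 0 (an assumption; confirm with diskpart's "list disk" first), and that a known-good backup image exists to restore afterwards. The diskpart clean path is destructive: it erases every partition on the selected disk.

```batch
@echo off
rem Added example (not from the article or the comment): repair or reset
rem the boot areas of a Windows disk whose MBR, boot sector or BCD have
rem been overwritten. Run from the WinRE command prompt.
rem Two paths:
rem   repair - keep the data, rewrite MBR, boot sector and BCD in place
rem   wipe   - diskpart clean the whole disk, then restore a backup image
rem Usage: cleanboot.cmd repair   or   cleanboot.cmd wipe

if "%1"=="repair" goto repair
if "%1"=="wipe" goto wipe
echo Usage: %~nx0 repair ^| wipe
exit /b 1

:repair
rem Rewrites the master boot record with a standard Windows MBR.
bootrec /fixmbr
rem Writes a fresh boot sector onto the system partition.
bootrec /fixboot
rem Scans all disks for Windows installations not listed in the BCD store.
bootrec /scanos
rem Rebuilds the BCD store from the installations found.
bootrec /rebuildbcd
exit /b %errorlevel%

:wipe
rem ASSUMPTION: the system disk is disk 0. Check with "diskpart" and then
rem "list disk" before running this. "clean" removes every partition on
rem the selected disk and cannot be undone.
set SCRIPT=%TEMP%\wipe.txt
> "%SCRIPT%" echo select disk 0
>> "%SCRIPT%" echo clean
diskpart /s "%SCRIPT%"
del "%SCRIPT%"
rem After clean, restore the known-good image with whatever imaging tool
rem the site already uses (tool and image path are not specified here).
exit /b %errorlevel%
```

The repair path only makes sense when the rest of the operating system files are intact; when files beyond the boot areas have been overwritten, the wipe-and-restore path is the one that brings the machine back to a trusted state.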
Where have we seen before that Americans react pre-emptively to an exaggerated threat?....
There's a great article written by a grizzled net-head, who very clearly predicts that the end of the web will not come because of cyberattacks, but because of the measures put in place to prevent them going wrong... I'll go dig it out.
By TigerUnleashed on 12 Oct 2012
How will this group/army work?
I just wonder what the RoE are?
I bet there are a lot of groups, especially non-military ones, just waiting and lining up to have a go at this new army group.
Will this new army group attack or even practise on groups (Anonymous et al), or will they go after crime gangs etc.? What is an army target or a civilian target?
By mprltd on 12 Oct 2012
That’s true, they have reacted to exaggerated threats before. However when the only information they get is exaggerated, it isn’t entirely the people in charge who are to blame but those advisers that provide them with such exaggerated info.
I would be interested to read that article that you mention when you locate the link, thanks for offering to retrieve it for me. I hope that my comments above aren’t contributing to “measures being put in place to prevent attacks”, that wasn’t my intention, merely to show how such infections can be cleaned with standard tools.
It remains to be seen who this new group will attack for real or for practice. Since they are part of the army, I wonder if they can trace the attacks back to their source (albeit unlikely) would they then order a physical attack on the “enemies” infrastructure if a cyber-attack on the enemy failed?
By Jimbo762 on 12 Oct 2012
Worry Worry Worry
For the Armed Forces, an easy route to ensure continuance of service is to ensure there is an enemy.
The biggest and scariest "nightmare scenario" to anyone is an attack on the homeland and its people, especially post 9/11.
The easiest way to avoid technological terrorism is not to employ technology at all in high risk areas, or have such installations totally separated from communication lines.
Pre-emptive attacks on unknown bodies are fraught with danger.
A technologically advanced attack probably would not be traceable. Content or fabric could indicate/implicate a (totally innocent) third party.
Americans are rather gung-ho at times... and take allies down with them when WMD are not found on accused land.
Thought before action is the best course of defence, but you must be willing to upkeep the cost of implementation.
By lenmontieth on 13 Oct 2012
Everyone with a dial-up modem should be scared, very scared...
By thickspex on 15 Oct 2012