By Angela Millan Epstien
Secretary of Defense Leon Panetta affirmed that the country could be subject of a cyber attack comparable to Pearl Harbor, and added that the nation should be prepared for such eventuality because the attacks could be more harmful than the 9/11 attacks.
He made these affirmations in NYC during the Business Executives for National Security, BENS annual gathering last week, and the observers interpreted it as a push to get more legislation passed on this subject.
The secretary, a former CIA director, urged the more than 650 security leaders at the event to add their voice to those who support stronger cyber defenses for the U.S., to prevent and face attacks like the ones that took place against the oil and financial industry over the past two months. In the case of the oil industry, Saudi Arabia’s oil company Aramco and Qatar’s energy company RasGas were attacked with the Shamoon malware that infected more than 30,000 machines; the governments of those countries reassured their clients that the attacks did not cause major damages.
In the case of the financial industry, PNC, Wells Fargo, J.P. Morgan Chase & Co. and Bank of America also suffered cyber attacks during the last few weeks. The attacks caused disruption and interruption of their services, and the group Cutting Sword of Justice claimed responsibility for the Saudi Arabia attacks, and published its reasons at Pastebin.com.
Intelligence and pentagon officers suspect these attacks may be Iran-backed, in retaliation to Saudi Arabia’s lobby for stronger sanctions against Iran, as well as in retaliation for the cyber attack against Natanz, Iranian’s Uranium Enrichment Plant in 2010 that they attribute to United States and Israel. According to The Associated Press, the government of Teheran denied any involvement, and thru its Cyber Secretary, Mahdi Akhavan Bahabadi, called the issue a “political topic in the midst of the presidential campaigns.”
Companies specialized in cyber security, like Prolexic Technologies and Arbor Networks, have identified several “distributed-denial-of-service attack” tools, or DDos. DDos are attempts to make a machine or network resource unavailable to its intended users, and it generally cause temporarily or indefinitely interruption, or suspend services of a host connected to the Internet.
Dmitri Alperovich, a specialist from CloudStrik, a company in the security industry, told Threatpost his company had seen some attacks reach 100 Gbps. Most observed DDoS attacks require 5-10 Gbps of traffic to take down a site, and added that “the fact that these attacks are able to shut these banks down is quite remarkable,” because they have massive infrastructures.
During his speech, Panetta explained that access and attacks to the systems of a company could cause not only economic damages but also loss of lives. This could be the case if a transportation system, like a railroad for instance, is attacked, or if a chemical or water plant is attacked and contaminated.
Added Panetta “The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and communication networks. The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”
This is not the first time that Panetta rings the alarm; he did it back in August when rumors about Iran’s participation in cyber attacks circulated among national security observers, and analysts from Foreign Policy said that Iran wants to show the US it can affect negatively its economy. Yet, there are questions about the level of Iran’s technology sophistication, and some have speculated that Russia could have lent help to Iran. Russia’s technical capabilities, as well as China’s are more sophisticated than Iran’s, and both countries currently have open investigations in the US for Intellectual Property theft, as well as attacks against American companies.
Angela Millan Epstein writes for several publications in the Americas. She was an Univision Correspondent, and an NBC’s Canal de Noticias and ESPN’s Anchor. She has worked in technology and content with IBM and ScreamingMedia, amongst others.
By Angela Millan Epstien