As Secretary of Defense Leon Panetta vividly described a potential cyber Pearl Harbor during a speech in New York, he included a direct appeal to the nations business community to cooperate with the U.S. government on cybersecurity measures.
Ultimately, no one has a greater interest in cybersecurity than the businesses that depend on a safe, secure, and resilient global digital infrastructure, Panetta said, according to a transcript of the remarks delivered Thursday evening at a gathering of Business Executives for National Security.
Panettas speech marked another high-profile effort by U.S. officials to engage business executives on the topic of cyber defense after contentious cybersecurity legislation failed in Congress over the summer. The Cybersecurity Act of 2012 called for greater information sharing between the government and the private sector about cyber attacks. But the bills opponentsincluding the U.S. Chamber of Commerceargued that it would create too many burdens on business.
Last month, Democratic Senator Jay Rockefeller of West Virginia sent a letter to Fortune 500 CEOs, asking what concerned them about the bill. The letter also posed a series of additional questions about the cybersecurity practices that each CEO has in place. The senator set a deadline of October 19 to respond.
For his part, Panetta called on both the private sector and Congress to support a cybersecurity measure that would ensure timely and comprehensive information sharing.
Companies should be able to share specific threat information with the government, without the prospects of lawsuits hanging over their head, he said.
As Foreign Policys Killer Apps blog reported in a preview of the speech, one challenge facing U.S. officials has been how to illustrate the problem of cybersecurity when so much is classified. “So, we end up speaking in broad strokes about the principles of our policies as a substitute for providing the details,” a White House official told reporter John Reed.
According to Reed, Panetta did end up revealing previously classified information in the speech when he addressed the audience at the Intrepid Sea, Air, and Space Museum, an old aircraft carrier moored in New York City. We know that foreign cyber actors are probing Americas critical infrastructure, Panetta said. They are targeting the computer control systems that operate chemical, electricity, and water plants, and those that guide transportation through the country.
The defense secretary referred to cyber threats as being at the very nexus of business and national security.
He continued, Let me give you some examples of the kinds of attacks that we have already experienced, and went on to describe what was probably the most destructive attack on the private sector to date: the Shamoon virus that affected Saudi Arabias state oil company Aramco:
Shamoon included a routine called a wiper, coded to self-execute. This routine replaced crucial systems files with an image of a burning U.S. flag. But it also put additional garbage data that overwrote all the real data on the machine. More than 30,000 computers that it infected were rendered useless and had to be replaced. It virtually destroyed 30,000 computers.
Imagine the impact an attack like that would have on your company or your business, the defense secretary said.
