The failure of Congress and American industry to take the threat of cyber attack seriously has put the nation in a “pre-9/11” situation where it might face a crippling “cyber Pearl Harbor” from an attack by another nation or by terrorists.
That is the dire view Defense Secretary Leon Panetta delivered recently in a speech to business executives. He singled out Iran, a nation smarting under U.S.-led economic sanctions and a victim of cyber attacks on its nuclear industry, as a nation that “has undertaken a concerted effort to use cyberspace to its advantage.”
Mr. Panetta said an Internet attack on the computer control systems that operate them could derail trains carrying passengers or dangerous cargoes, contaminate the water supply of major cities and turn off electrical power across the country. “Such a destructive cyber-terrorist attack could virtually paralyze the nation,” he warned.
An escalation of the cyber threat to the United States and its allies occurred in August, he said, when a computer virus called Shamoon was used to attack the Saudi Arabian state oil company, effectively destroying an estimated 30,000 computers containing vital company information.
There was a similar attack on a major energy company in Qatar. Consumer web operations of some major U.S. banks also were disrupted.
Though Secretary Panetta did not say so, U.S. officials informed reporters that the attacks came from Iran. Iran has denied responsibility. But Mr. Panetta said the U.S. National Security Agency now has the capability to pinpoint the source of attacks, and that aggressors should recognize the risks they run.
Mr. Panetta assured his listeners that the Defense Department has a robust cyber-war offensive capability. But, he said, the ultimate weakness in our cyber defenses lies with the companies that operate the nation’s critical private-sector infrastructure.
The secretary rebuked Congress for failing to pass a bipartisan bill creating authority for the government to share information with private companies and hold them accountable to protect their computer control systems.
“There is no substitute for comprehensive legislation,” he said, insisting that it should be enacted promptly.
But his speech was also a stinging, if indirect, rebuke to the Department of Homeland Security, which is primarily responsible for domestic defenses against cyber attacks. Bureaucratic fumbling by the department, together with quibbles raised by lobbyists for industry and the absence of White House leadership have contributed to legislative gridlock on this critical subject.
The vulnerability of the nation’s critical infrastructure has been evident since early 2009, when it was learned that a foreign power or powers, possibly China, had probed the computer controls of the nation’s electrical grid.
Yet in nearly four years the administration has not been able to find common ground with Congress to address this glaring weakness.
Whoever wins the presidential race — and the House and Senate elections — on Nov. 6 should make addressing this growing menace a high priority.