Speaking to business leaders on the US Intrepid, Defense Security Leon Panetta has stated that the US would take pre-emptive action if a serious cyber attack were imminent. Warning about a ‘cyber Pearl Harbour’ Panetta commented “A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation.”
Citing the national infrastructure as a key area of concern he continued “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals…They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
In the last two weeks several US businesses have suffered large cyber attacks, and oil companies in Quatar and Saudi Arabi had been hit by the Shamoon attack. Couple this with the growing unease at the cyber activities of Iran and China, the US Government obviously feels it needs to put forward a strong statement that it won’t tolerate such actions against it, and now, will actively pursue those it believes to be targeting US interests.
In a defiant final statement Penetta said:
“In this new century, the United States military must help defend the nation in cyberspace as well… Our cyber adversaries will be far less likely to hit us if they know we will be able to link them to the attack, or that their effort will fail against our strong defences… Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests”.
Since taking office over a year ago Panetta has constantly called for the improvement of US cyber defences. I have a feeling this latest speech will go down well with the converted and the general public. It re-asserts US superiority and impregnability, and that even though the threats of the 21st century are changing; America is ready to defend itself and its people. The statement also speaks directly to the would be cyber criminal/terrorist, and that the fight is being taken to them.
Yet for all this emotive rhetoric, cyber defences in the US are in desperate need of improvement, from the ground upwards. Cyber security is an issue which permeates every level of society, from the man on the street, to businesses through to government. Panetta is well aware of this and had hoped the Cybersecurity Act of 2012 would kick-start a serious programme of cyber security. In Panetta’s own words the Act has, however, ‘fallen victim to legislative and political gridlock’, many seeking to dilute the Act to a point where it’s even existence is bordering on the pointless. The Act was met with vehement opposition because of the mandatory measures businesses would have to implement in order to improve cyber security within their organisation; many citing that the cost to implement would out-weigh the benefit.
It’s not an easy equation to solve. One thing is for sure… cyber security is an issue here to stay. Whether it is nation states, businesses or individuals, it affects everyone. The US Department of Defense might be able to track down would be cyber criminals, but can they catch they all? And what about those that are less concerned with attacking power stations and nuclear power plants, and more concerned with the contents of your bank account?
In my opinion, it is up to everyone to play their part. Only with better education, a committment from businesses and government – a joined up approach – will effective cyber security be achieved.
This month the US Department of Defense has declared as National Cyber Security Awareness Month. The aim is to educate everyone on the issues surrounding cyber security and increase the nation’s cyber resilience. Find out more about here.
IT Governance and cyber security expert Alan Calder has created a free white paper on cyber security for your business. Download it here.