Virus that struck Mideast energy firms was worst cyberattack yet, Panetta says


NEW YORK — A computer virus that wiped crucial business data from tens of thousands of computers at Middle Eastern energy companies over the summer marked the most destructive cyberattack on the private sector to date, Defense Secretary Leon E. Panetta said Thursday night in a major speech intended to warn of the growing perils in cyberspace.

Panetta did not say who was believed to be behind the so-called Shamoon virus. But he said the malware, which rendered permanently inoperable more than 30,000 computers at the Saudi Arabian state oil company Aramco and did similar damage to the systems of Ras Gas in Qatar, represented a "significant escalation of the cyberthreat."

Such attacks have "renewed concerns about still more destructive scenarios that could unfold," he said in an address to business executives in New York. He asked them to "imagine the impact an attack like this would have on your company."

Panetta's remarks on the Middle East incidents were the first from any administration official acknowledging them. In the attack on Aramco, the virus replaced crucial system files with an image of a burning U.S. flag, he said. It also overwrote the files with "garbage" data, he said.

The Middle East cyber-incidents have prompted great concern inside national security agencies, with the military's Cyber Command adding personnel to monitor for the possibility of follow-up attacks. U.S. intelligence officials and Middle Eastern diplomats have said they believe Iran was behind the incidents, but other experts have expressed skepticism.

"It's clear a number of state actors have grown their cyber-capabilities in recent years," said a senior defense official who was not authorized to speak for the record. "We're concerned about Russia and China, and we're concerned about growing Iranian capabilities as well."

Although there has been debate over the roles of various government agencies in cyberspace, Panetta made clear that it would be the Defense Department's responsibility to defend the nation in that realm.

Under new rules of engagement for cyberwarfare, he said, the Pentagon's role would extend to defending private-sector computers against a major attack. The conditions under which the rules would trigger a response are stringent, and must rise to the level of an "armed attack" that threatens significant physical destruction or loss of life, senior defense officials said.

Those cyber-rules, which represent the most comprehensive revision in seven years, are being finalized now, Panetta said. For the first time, military cyber-specialists would be able to immediately block malware outside the Pentagon's networks in an effort to defend the private sector against an imminent, significant physical attack, The Washington Post has reported. At present, such action requires special permission from the president.

Panetta said that "foreign cyber-actors are probing America's critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity and water plants" and transportation systems. He said the government knows of "specific instances where intruders have successfully gained access to these control systems" and that the intruders are trying to create advanced tools to attack the systems to cause panic, destruction and death.

Panetta outlined destructive scenarios that worry U.S. officials: an aggressor nation or extremist group gaining control of critical switches in order to derail trains loaded with passengers or lethal chemicals; contamination of the water supply, or a shutdown of the power grid across large parts of the country.

The most destructive attack, he said, would be one launched against several critical systems at once in combination with a physical attack on the country.

"The collective result," he said, "could be a 'cyber-Pearl Harbor': an attack that would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability."

Panetta also issued a warning to would-be attackers, saying the Pentagon is better able now to identify who is behind an attack. "Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.

The department has also developed the capability to conduct operations to counter threats to national security in cyberspace, he said, and would do so in accordance with international law.

Taking offensive action would be the role of the Cyber Command, launched in 2010. Panetta noted that the Pentagon is looking at ways to strengthen the organization, including streamlining its chain of command. A recommendation by senior military leaders to elevate it to full unified command status is under review, officials said.

Panetta, addressing the Business Executives for National Security, said cyberwarfare is now a major topic in nearly all his bilateral meetings with foreign counterparts, including in China a few weeks ago. China, which the United States has accused of being a top actor in cyber-economic espionage, is rapidly improving its capabilities, he said.

He reiterated the administration's call for legislation to establish routine cyber-information sharing between the public and private sectors, and to set security standards for companies.

Start your day with The Independent, sign up for daily news emails
Have you tried new the Independent Digital Edition apps?
ebooksAn introduction to the ground rules of British democracy
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs General

Recruitment Genius: Sales and Marketing Executive

£19000 - £25000 per annum: Recruitment Genius: This is an opportunity to join ...

Recruitment Genius: Technical Author / Multimedia Writer

Negotiable: Recruitment Genius: This recognized leader in providing software s...

Recruitment Genius: Clinical Lead / RGN

£40000 - £42000 per annum: Recruitment Genius: This is an exciting opportunity...

Recruitment Genius: IT Sales Consultant

£35000 - £40000 per annum: Recruitment Genius: This IT support company has a n...

Day In a Page

Isis profits from destruction of antiquities by selling relics to dealers - and then blowing up the buildings they come from to conceal the evidence of looting

How Isis profits from destruction of antiquities

Robert Fisk on the terrorist group's manipulation of the market to increase the price of artefacts
Labour leadership: Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea

'If we lose touch we’ll end up with two decades of the Tories'

In an exclusive interview, Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea
Tunisia fears its Arab Spring could be reversed as the new regime becomes as intolerant of dissent as its predecessor

The Arab Spring reversed

Tunisian protesters fear that a new law will whitewash corrupt businessmen and officials, but they are finding that the new regime is becoming as intolerant of dissent as its predecessor
King Arthur: Legendary figure was real and lived most of his life in Strathclyde, academic claims

Academic claims King Arthur was real - and reveals where he lived

Dr Andrew Breeze says the legendary figure did exist – but was a general, not a king
Who is Oliver Bonas and how has he captured middle-class hearts?

Who is Oliver Bonas?

It's the first high-street store to pay its staff the living wage, and it saw out the recession in style
Earth has 'lost more than half its trees' since humans first started cutting them down

Axe-wielding Man fells half the world’s trees – leaving us just 422 each

However, the number of trees may be eight times higher than previously thought
60 years of Scalextric: Model cars are now stuffed with as much tech as real ones

60 years of Scalextric

Model cars are now stuffed with as much tech as real ones
Theme parks continue to draw in thrill-seekers despite the risks - so why are we so addicted?

Why are we addicted to theme parks?

Now that Banksy has unveiled his own dystopian version, Christopher Beanland considers the ups and downs of our endless quest for amusement
Tourism in Iran: The country will soon be opening up again after years of isolation

Iran is opening up again to tourists

After years of isolation, Iran is reopening its embassies abroad. Soon, there'll be the chance for the adventurous to holiday there
10 best PS4 games

10 best PS4 games

Can’t wait for the new round of blockbusters due out this autumn? We played through last year’s offering
Transfer window: Ten things we learnt

Ten things we learnt from the transfer window

Record-breaking spending shows FFP restraint no longer applies
Migrant crisis: UN official Philippe Douste-Blazy reveals the harrowing sights he encountered among refugees arriving on Lampedusa

‘Can we really just turn away?’

Dead bodies, men drowning, women miscarrying – a senior UN figure on the horrors he has witnessed among migrants arriving on Lampedusa, and urges politicians not to underestimate our caring nature
Nine of Syria and Iraq's 10 world heritage sites are in danger as Isis ravages centuries of history

Nine of Syria and Iraq's 10 world heritage sites are in danger...

... and not just because of Isis vandalism
Girl on a Plane: An exclusive extract of the novelisation inspired by the 1970 Palestinian fighters hijack

Girl on a Plane

An exclusive extract of the novelisation inspired by the 1970 Palestinian fighters hijack
Why Frederick Forsyth's spying days could spell disaster for today's journalists

Why Frederick Forsyth's spying days could spell disaster for today's journalists

The author of 'The Day of the Jackal' has revealed he spied for MI6 while a foreign correspondent