- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - It is not as though warnings of a "digital Pearl Harbor" are new. The concept goes back at least to 1991, when author and cyber terrorism expert Winn Schwartau called it "electronic Pearl Harbor." Former counter-terrorism czar Richard A. Clarke mentioned it a dozen years ago.
Since then, the image has been invoked hundreds of times by political leaders, government officials and security experts. It even made its way into the Republican Party platform this year.
But, it tends to get a bit more mainstream notice when the U.S. Secretary of Defense says it, as Leon Panetta did last week in a speech in New York to the Business Executives for National Security (BENS).
The results of cyberttacks by a hostile nation-state on critical infrastructure like transportation, water supply or the electric grid "could be a cyber Pearl Harbor -- an attack that would cause physical destruction and the loss of life," Panetta said. "In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability."
Panetta also invoked the image of a cyberattack on the level of 9/11. "Before September 11, 2001, the warning signs were there. We weren't organized. We weren't ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment," he said.
[Bill Brenner in Salted Hash: Who better for cybersecurity - Obama or Romney?]
Joel Harding, a retired military intelligence officer and information operations expert, welcomed the speech, but said, "The problem is both government and industry have been saying exactly the same thing for years and it took the Secretary of Defense to speak on the matter for many to notice."
Panetta has used that image before. What was new this time was that, while he urged both the private and public sector to cooperate in blocking and defending against such attacks, he went beyond that.
He used some of the most aggressive language yet in the four years of the Obama administration to declare that if threatened by a catastrophic cyberattack, the U.S. would not only strike back hard, but might strike first, both for protection and deterrence.
"We won't succeed in preventing a cyberattack through improved defenses alone," he said. "If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us to defend this nation when directed by the president."
For an administration generally critical of saber rattling, this was some serious cyber rattling. Jack Goldsmith, writing at the Lawfare blog, "[Panetta] makes plain that the [Department of Defense] has the capabilities and desire to engage in a preemptive attacks against imminent cyber threats."
The Secretary said that is partially because Defense now believes it can do so accurately. One of the greatest dangers of retaliation after a cyberattack is that it has been so easy for the perpetrators to cover their tracks. They can make it look like it came from a country or organization that had nothing to do with it.