Center for a New American Security

In a speech last night aboard the USS Intrepid in New York, Secretary of Defense Leon Panetta warned a meeting of Business Executives for National Security about the cyber challenges the United States faces.

“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” Panetta said. “Such a destructive cyber terrorist attack could paralyze the nation.”

Panetta recalled a recent attack against the Saudi Arabian state oil company ARAMCO caused by a computer virus known as “Shamoon” that he described as “probably the most destructive attack that the private sector has seen to date.” In that attack, Secretary Panetta said, the virus self-executed itself and “replaced crucial system files with an image of a burning U.S. flag. It also put additional ‘garbage’ data that overwrote all the real data on the machine. The more than 30,000 computers it infected were rendered useless, and had to be replaced.”

The challenges create a “profound new sense of vulnerability,” Panetta noted. “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,” he said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

To learn more about America’s cyber challenges, check out CNAS’s Election 2012 National Security Guide to the Presidential Election. 

U.S. security officials have expressed concern about the vulnerability of the electric grid to cyber attacks by non-state actors. Most experts agree that today the greatest cyber threats to the electric grid stem from state actors like Russia and China. Indeed, there is already some evidence that these states have infiltrated computer systems that control the electric grid. However, security officials warn that the threat is evolving, with non-state actors becoming more sophisticated users of cyber tools.

The U.S. intelligence community is giving this evolving threat greater attention. In January, Director of National Intelligence James Clapper told the Senate Select Committee on Intelligence that “the growing role that nonstate actors are playing in cyberspace is a great example of the easy access to potentially disruptive and even lethal technology and know-how by such groups.” General Keith Alexander, the director of the National Security Agency, recently warned that the hacker group Anonymous could poses the capability to perpetrate a cyber attack against the electric grid in just a few years.

To date, security officials have said that there is little incentive for countries like China and Russia to perpetrate a cyber attack against critical U.S. infrastructure like the electric grid, in part because the attack could be traced (at least to an extent). But non-state actors are by their very nature anonymous, making pinpointing the origins of an attack more difficult. As a result, they are not bound by the same deterrent threat (or threat of retaliation) as state actors might be. So although non-state groups like Anonymous do not have the ability to perpetrate an attack on the electric grid, cyber security experts caution that should these groups develop the capability (or acquire it from a state entity), there is a greater risk for an attack against critical infrastructure like the electric grid.