Defense Secretary Leon Panetta Recycles His 'Cyber-Pearl Harbor' FUD… Third Time's The Charm?
from the if-at-first-you-don't-succeed,-beat-that-dead-horse dept
A recent (failed) push to enact cybersecurity legislation has resulted in some interesting maneuvering in Washington, DC. Rep. Mike Rogers, who introduced CISPA, is trying to revive his lousy legislation by telling scary stories that are short on detail, but long on FUD. Other interested parties are hoping to bypass the legislative process altogether and get an executive order pushed through. The “process” has become so chaotic that politicians are finding themselves hurriedly agreeing to stuff that contradicts the other stuff.
Of all the people that believe Something Must Be Done, cybersecurity-wise, one of the pithiest has been Secretary of Defense Leon Panetta, who issued a memorable pull-quote on October 11th in a speech at the Intrepid Sea, Air and Space Museum, warning that the United States was facing the possibility of a “cyber-Pearl Harbor.”
A dire situation indeed, if true. Panetta is worried about critical infrastructure being sabotaged by cyberterrorists and is totally not just pushing his own agenda.* According to defense officials, “Mr. Panetta's words were not hyperbole.”
(*Panetta is totally pushing his own agenda… those same defense officials “acknowledged that Mr. Panetta was also pushing for legislation on Capitol Hill.”)
Yes. Panetta is non-hyperbolically pushing his own agenda. The problem is that, while the CISPA/executive order debacle is fairly recent, Panetta's “cyber-Pearl Harbor” has the ring of a worn-out catchphrase, severely limiting the impact of those somewhat stirring words.
Let's go back to June 2011, when Panetta was holding forth during his confirmation hearing for the post of Secretary of Defense.
The next great battle America faces is likely to involve cyberwarfare, Leon Panetta, the Central Intelligence Agency director, warned senators Thursday, predicting that “the next Pearl Harbor that we confront could very well be a cyberattack that cripples” America’s electrical grid and its security and financial systems.
Tough words from an old warrior (and now former CIA Director). Perhaps the warrior might be a bit too old, as he also offered this quote-worthy bit of scaremongering back in February 2011:
“The potential for the next Pearl Harbor could very well be a cyber-attack,” he testified on Capitol Hill Thursday before the House Permanent Select Committee on Intelligence.
The more things change, the more they are the same old shit. Unchanged: using “Pearl Harbor” as shorthand for “unforeseeable bad thing,” while simultaneously plucking at patriotic heartstrings by conjuring up the last war the US didn't play to a tie. Savvy. But repetitive.
The most current edition of “cyber-Pearl Harbor” finds Panetta concentrating mostly on infrastructure, thus equating a military surprise attack with some Russian Chinese Iranian hacker flipping the “OFF” switch on the power grid.
“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
Past editions of “Clue: Panetta Edition” haven't been so concentrated on the still-mythic “Cyberterrorists in the Water Main with the Malicious Code.” In February 2011, it was “Chinese 'Entities' in the Internet with the Hacking,” and a bit of “Anonymous in the EVERYTHING with the LOIC.” There was some talk of putting together a joint task force composed of NSA and DHS members. Additional hyperbole was added by Director of National Intelligence James Clapper:
“This threat is increasing in scope and scale, and its impact is difficult to overstate.”
Sure is. Especially when you lead in with “cyber-Pearl Harbor.” Setting the “overstatement” bar this high does kind of throw off the curve.
June 2011 didn't change much for Panetta's ongoing game of cyber-Clue. Most of the “grilling” during his confirmation hearing revolved around ongoing actual wars, like Afghanistan, Iraq and Libya. Concern was also expressed about “indiscriminate Pentagon budget cuts.”
Back to last week, and it's all about the infrastructure. It's as if no one had bothered debunking a recent DHS report about Russian hackers burning out a water pump at an Illinois water facility. Not that it matters, as the DHS was proud to have been involved in a successful FUD operation. Any publicity is good publicity, right? Boring old truth and measured phrases rarely inspire the sort of support needed to shove through questionable legislation and keep the money flowing to the cottage industries that have sprung up like kudzu around the leaky water main that is Washington, DC.
This repeated catchphrase of Panetta's has stuck with him, even as he's shifted loyalties. Back in February 2011, there was talk of DHS/NSA cooperation. Fast-forward to the latest iteration of “cyber-Pearl Harbor” and Panetta's batting for his new home team: the Defense Department, pulling the control (and money) back into the hands of the NSA, the greater of two evils.
Repeat after Panetta:
If you're against cybersecurity legislation, you're for bombing Americans on early December mornings. Can you live with that?
Filed Under: cyber pearl harbor, cybersecurity, fud, leon panetta
Comments on “Defense Secretary Leon Panetta Recycles His 'Cyber-Pearl Harbor' FUD… Third Time's The Charm?”
These guys can't keep anything straight.
I like the “derail passenger trains loaded with lethal chemicals” part myself. Those are called freight trains and they typically don’t carry passengers.
Re: These guys can't keep anything straight.
Yeah man. Hope they don’t attack cruise ship oil tankers either.
Re: These guys can't keep anything straight.
Well of course the cyber-attackers would hack into the system and make it so the passenger train made a stop at the lethal chemicals plant to attach a tanker, and THEN derailed it. All with cyber attacks. Cyberly.
Re: These guys can't keep anything straight.
Maybe the cyber-thugs fill the PASSENGERS with CHEMICALS.
Re: Re: These guys can't keep anything straight.
No guys, the cyber-terrorists put chemicals in their underpants, socks, and water bottles, sneak onto the trains, and then hack the trains to derail them. It’s Internet Pearl Harbor AND Internet 9/11.
Re: Re: These guys can't keep anything straight.
Alcohol is only moderately dangerous.
Re: These guys can't keep anything straight.
Maybe Panetta burped up a Freudian Slip, in that the NSA or other clandestine US federal agencies may well use passenger trains to ship deadly materiel. A lot of small, high-value freight is shipped that way.
“They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals.”
I’m unclear on this, how is the internet loading up Amtraks with nerve gas exactly? Is there some administrative web-app for that? http://www.loadlethalchemicalsontrains.net/admin/login.asp?
Re: ;-P
Alright, that link totally doesn’t work.
Re: Re: ;-P
That’s just what the hackers want you to think. You have to know how to get past the fake 404 page with a super secret hacker thing.
Huh . . .?????
Let’s see now, all those backdoors and trapdoors in various major software vendors:
http://publicintelligence.net/nsa-helped-with-windows-7-development/
And they’ve been offshoring all the jobs, technology, investment and defense tech (in at least the Clinton and Bush administrations) to China (and elsewhere, but especially China) — so now we should be worried?????
Or is this another route to absolute control of the Internet at least on the North American side, by the Wall Street-run gov’t????
Who actually does own AT&T????
Re: Huh . . .?????
Moon Nazis.
If critical infrastructure is connected to the Internet then disconnect it.
Doesn’t Amtrak have its own network? They have the rights of way, as it needs to go where the trains go. Thinking on it, if the train system can be attacked over the Internet, or even over the phone system, the Amtrak board should be charged with criminal negligence. The best defense against an attack is an air gap to any publicly accessible network, as the most likely attack is a disgruntled ex-employee who knows how the system works, and has relevant password, access codes.
Re: Re:
There’s no “if”; critical infrastructure IS connected to the internet, via control systems called SCADA. As Wikipedia’s article mentions, SCADA software often has vulnerabilities. For example, back in 2007, a nuclear power plant was cracked fairly easily. And in 2010 there was Stuxnet, which was designed to attack SCADA systems.
Not that Panetta actually intends to fix any of those absurd vulnerabilities, mind. He simply wants to secure funding, none of which would go toward fixing vulnerabilities. (Otherwise how would they be able to keep securing funding?)
Re: Re: Re:
“critical infrastructure IS connected to the internet”
This is problem then … duh!
So who keeps voting these morons into office? There has to be a lot of idiots out there!
Re: Re:
Panetta wasn’t elected…
Or...
Maybe cyberFUD promoters would be more successful if they tried the FBI approach: Find some bumbling nutjob with remedial hacking skills, walk him through a plan step by step, provide all required funding and materials (which would, I presume, include a magical remote-controlled Amtrak passenger train filled with fake nerve gas), then hold a triumphant press conference announcing the arrest and takedown of a major cyberterrorist.
Re: Or...
So true it hurts. Why just a couple of days ago, the FBI foiled yet another(!) of their self-created terrorist plots. And then the stupid media plasters it on the front page and makes it seem as if the FBI just prevented a catastrophe.
Their modus operandi appears to be:
1) Find crazy nutjob(s)
2) Convince them that America needs to be destroyed
3) Go over details of phony terrorist plot/false flag operation
4) Bust would-be terrorists
5) Use the media to try and scare Americans into complacency, i.e. “Give us more broad-sweeping powers.”
6) Wash, rinse, repeat
Wrong target
If the systems are vulnerable, then this is an IT issue, not a legislative one! Fix the holes in the network! Don’t pass laws adversely affecting innocent citizens that will merely wag a finger at the bad guys and say “Don’t do this!”
Re: Wrong target
Clearly it is about control over the Internet.
Re: Re: Wrong target
You may be right about control but I kind of wonder if it isn’t fear of the big scary internet.
The solution is to disconnect any critical infrastructure from the @#$%$@# Internet. Requiring a person to have physical access. Fire the dumb lazy $(@*%$* who hooked ’em up to the Intertubez to begin with. Cyber threats solved!
Re: Re:
I’m sorry I hold the patent on common sense and you have violated my rights. Pay me $42 kajillion dollars or else.
Re: Re: Re:
Wait, is that why so few companies these days are using common sense?! Because they can’t afford the licensing fees?!
You… you… fiend! It’s your fault all these companies are pulling such insanely stupid stunts!
Simple two-step fix:
Step 1. Stop this guy from going to the movies, he obviously can’t tell the difference between the latest Die Hard movie and a documentary.
Step 2. Get this guy a good psychiatrist, so the problem doesn’t pop up later.
Critical Systems
I have worked on some SCADA systems for water and sewer, and I have never seen one with a tank full of poison attached to it via an internet-controlled valve just waiting to be opened. Perhaps that is something new they have been adding.
Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday ‘quick! poison the cool-aid before they all become zombies’ system?
I don’t get what cybersecurity legislation could possibly do for ANY of those scenarios. I suppose a very broad law forcing legal compliance with best practices for anything labeled ‘critical infrastructure’ and public reporting of any cyber attacks, and maybe a bit of a spending bill to help upgrade any infrastructure that is hopelessly out of date and can’t be ‘secured’ on the digital front.
Somehow, I get the feeling that this is NOT what they have in mind however.
“If critical infrastructure is connected to the Internet then disconnect it.”
The problem is, if you have any sort of network that extends beyond areas you can physically secure, someone can get into it effortlessly. Give me a pair of RJ45 connectors, a crimp, and a switch. BOOYAH! I agree with what you’re saying, but you need security anyways. Just not being on the internet won’t stop an attacker, or even make them bat an eyelash. Nothing is stopping me from hopping into your private network if your cyber security is weak.
“Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday ‘quick! poison the cool-aid before they all become zombies’ system?”
I think it’s less a worry about me running the PoisonAllTheWater.exe, than it is about me shutting down any computer control you may have, or screwing with the power grid. Let me rephrase, I think that’s the LEGITIMATE worry.
Siaka