Defense Secretary Leon Panetta Recycles His 'Cyber-Pearl Harbor' FUD… Third Time's The Charm?

from the if-at-first-you-don't-succeed,-beat-that-dead-horse dept

A recent (failed) push to enact cybersecurity legislation has resulted in some interesting maneuvering in Washington, DC. Rep. Mike Rogers, who introduced CISPA, is trying to revive his lousy legislation by telling scary stories that are short on detail, but long on FUD. Other interested parties are hoping to bypass the legislative process altogether and get an executive order pushed through. The “process” has become so chaotic that politicians are finding themselves hurriedly agreeing to stuff that contradicts the other stuff.

Of all the people that believe Something Must Be Done, cybersecurity-wise, one of the pithiest has been Secretary of Defense Leon Panetta, who issued a memorable pull-quote on October 11th in a speech at the Intrepid Sea, Air and Space Museum, warning that the United States was facing the possibility of a “cyber-Pearl Harbor.”

A dire situation indeed, if true. Panetta is worried about critical infrastructure being sabotaged by cyberterrorists and is totally not just pushing his own agenda.* According to defense officials, “Mr. Panetta's words were not hyperbole.”

(*Panetta is totally pushing his own agenda… those same defense officials “acknowledged that Mr. Panetta was also pushing for legislation on Capitol Hill.”)

Yes. Panetta is non-hyperbolically pushing his own agenda. The problem is that, while the CISPA/executive order debacle is fairly recent, Panetta's “cyber-Pearl Harbor” has the ring of a worn-out catchphrase, severely limiting the impact of those somewhat stirring words.

Let's go back to June 2011, when Panetta was holding forth during his confirmation hearing for the post of Secretary of Defense.

The next great battle America faces is likely to involve cyberwarfare, Leon Panetta, the Central Intelligence Agency director, warned senators Thursday, predicting that “the next Pearl Harbor that we confront could very well be a cyberattack that cripples” America’s electrical grid and its security and financial systems.

Tough words from an old warrior (and now former CIA Director). Perhaps the warrior might be a bit too old, as he also offered this quote-worthy bit of scaremongering back in February 2011:

“The potential for the next Pearl Harbor could very well be a cyber-attack,” he testified on Capitol Hill Thursday before the House Permanent Select Committee on Intelligence.

The more things change, the more they are the same old shit. Unchanged: using “Pearl Harbor” as shorthand for “unforeseeable bad thing,” while simultaneously plucking at patriotic heartstrings by conjuring up the last war the US didn't play to a tie. Savvy. But repetitive.

The most current edition of “cyber-Pearl Harbor” finds Panetta concentrating mostly on infrastructure, thus equating a military surprise attack with some Russian Chinese Iranian hacker flipping the “OFF” switch on the power grid.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Past editions of “Clue: Panetta Edition” haven't been so concentrated on the still-mythic “Cyberterrorists in the Water Main with the Malicious Code.” In February 2011, it was “Chinese 'Entities' in the Internet with the Hacking,” and a bit of “Anonymous in the EVERYTHING with the LOIC.” There was some talk of putting together a joint task force composed of NSA and DHS members. Additional hyperbole was added by Director of National Intelligence James Clapper:

“This threat is increasing in scope and scale, and its impact is difficult to overstate.”

Sure is. Especially when you lead in with “cyber-Pearl Harbor.” Setting the “overstatement” bar this high does kind of throw off the curve.

June 2011 didn't change much for Panetta's ongoing game of cyber-Clue. Most of the “grilling” during his confirmation hearing revolved around ongoing actual wars, like Afghanistan, Iraq and Libya. Concern was also expressed about “indiscriminate Pentagon budget cuts.”

Back to last week, and it's all about the infrastructure. It's as if no one had bothered debunking a recent DHS report about Russian hackers burning out a water pump at an Illinois water facility. Not that it matters, as the DHS was proud to have been involved in a successful FUD operation. Any publicity is good publicity, right? Boring old truth and measured phrases rarely inspire the sort of support needed to shove through questionable legislation and keep the money flowing to the cottage industries that have sprung up like kudzu around the leaky water main that is Washington, DC.

This repeated catchphrase of Panetta's has stuck with him, even as he's shifted loyalties. Back in February 2011, there was talk of DHS/NSA cooperation. Fast-forward to the latest iteration of “cyber-Pearl Harbor” and Panetta's batting for his new home team: the Defense Department, pulling the control (and money) back into the hands of the NSA, the greater of two evils.

Repeat after Panetta:

If you're against cybersecurity legislation, you're for bombing Americans on early December mornings. Can you live with that?

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Defense Secretary Leon Panetta Recycles His 'Cyber-Pearl Harbor' FUD… Third Time's The Charm?”

Subscribe: RSS Leave a comment
sgt_doom (profile) says:

Huh . . .?????

Let’s see now, all those backdoors and trapdoors in various major software vendors:

And they’ve been offshoring all the jobs, technology, investment and defense tech (in at least the Clinton and Bush administrations) to China (and elsewhere, but especially China) — so now we should be worried?????

Or is this another route to absolute control of the Internet at least on the North American side, by the Wall Street-run gov’t????

Who actually does own AT&T????

Anonymous Coward says:

If critical infrastructure is copnnected to the Internet the disconnect it.
Doen’t Amtrack have its own network, they have the rights of way as it need to go where the trains go. Thinking on it, if the train system can be attacked over the Internet, or even over the phone system, the Amtrack board should be charged with criminal negligence. The best defense against an attack is an air gap to any publicly accessible network, as the most likely attack is a disgruntled e3x-employee who knows how the system workss, and has relevant password,access codes.

Anonymous Coward says:

Re: Re:

There’s no “if”; critical infrastructure IS connected to the internet, via control systems called SCADA. As Wikipedia’s article mentions, SCADA software often has vulnerabilities. For example, back in 2007, a nuclear power plant was cracked fairly easily. And in 2010 there was Stuxnet, which was designed to attack SCADA systems.

Not that Panetta actually intends to fix any of those absurd vulnerabilities, mind. He simply wants to secure funding, none of which would go toward fixing vulnerabilities. (Otherwise how would they be able to keep securing funding?)

sorrykb says:


Maybe cyberFUD promoters would be more successful if they tried the FBI approach: Find some bumbling nutjob with remedial hacking skills, walk him through a plan step by step, provide all required funding and materials (which would, I presume, include a magical remote-controlled Amtrak passenger train filled with fake nerve gas), then hold a triumphant press conference announcing the arrest and takedown of a major cyberterrorist.

The Real Michael says:

Re: Or...

So true it hurts. Why just a couple of days ago, the FBI foiled yet another(!) of their self-created terrorist plots. And then the stupid media plasters it on the front page and makes it seems as if the FBI just prevented a catastrophe.

Their modus operandi appears to be:

1) Find crazy nutjob(s)
2) Convince them that America needs to be destroyed
3) Go over details of phony terrorist plot/false flag operation
4) Bust would-be terrorists
5) Use the media to try and scare Americans into complacency, i.e. “Give us more broad-sweeping powers.”
6) Wash, rinse, repeat

Michael (profile) says:

Critical Systems

I have worked on some SCADA systems for water and sewer, and I have never seen one with a tank full of poison attached to it via an internet-controlled valve just waiting to be opened. Perhaps that is something new they have been adding.

Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday ‘quick! poison the cool-aid before they all become zombies’ system?

Anonymous Coward says:

I don’t get what cybersecurity legislation could possibly do for ANY of those scenarios. I suppose a very broad law forcing legal compliance with best practices for anything labeled ‘critical infrastructure’ and public reporting of any cyber attacks, and maybe a bit of a spending bill to help upgrade any infrastructure that is hopeless out of date and can’t be ‘secured’ on the digital front.

Somehow, I get the feeling that this is NOT what they have in mind however.

“If critical infrastructure is copnnected to the Internet the disconnect it.”

The problem is, if you have any sort of network that extends beyond areas you can physically secure, someone can get into it effortlessly. Give me a pair of RJ45 connectors, a crimp, and a switch. BOOYAH! I agree wtih what you’re saying, but you need security anyways. Just not being on the internet won’t stop an attacker, or even make them bat an eyelash. Nothing is stopping me from hopping into your private network if your cyber security is weak.

“Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday ‘quick! poison the cool-aid before they all become zombies’ system?”

I think it’s less a worry about me running the PoisonAllTheWater.exe, than it is about me shutting down any computer control you may have, or screwing with the power grid. Let me rephrase, I think that’s the LEGITIMATE worry.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...