Defense Secretary Leon Panetta Recycles His 'Cyber-Pearl Harbor' FUD... Third Time's The Charm?

from the if-at-first-you-don't-succeed,-beat-that-dead-horse dept

A recent (failed) push to enact cybersecurity legislation has resulted in some interesting maneuvering in Washington, DC. Rep. Mike Rogers, who introduced CISPA, is trying to revive his lousy legislation by telling scary stories that are short on detail, but long on FUD. Other interested parties are hoping to bypass the legislative process altogether and get an executive order pushed through. The "process" has become so chaotic that politicians are finding themselves hurriedly agreeing to stuff that contradicts the other stuff.

Of all the people that believe Something Must Be Done, cybersecurity-wise, one of the pithiest has been Secretary of Defense Leon Panetta, who issued a memorable pull-quote on October 11th in a speech at the Intrepid Sea, Air and Space Museum, warning that the United States was facing the possibility of a "cyber-Pearl Harbor."

A dire situation indeed, if true. Panetta is worried about critical infrastructure being sabotaged by cyberterrorists and is totally not just pushing his own agenda.* According to defense officials, "Mr. Panetta's words were not hyperbole."

(*Panetta is totally pushing his own agenda... those same defense officials "acknowledged that Mr. Panetta was also pushing for legislation on Capitol Hill.")

Yes. Panetta is non-hyperbolically pushing his own agenda. The problem is that, while the CISPA/executive order debacle is fairly recent, Panetta's "cyber-Pearl Harbor" has the ring of a worn-out catchphrase, severely limiting the impact of those somewhat stirring words.

Let's go back to June 2011, when Panetta was holding forth during his confirmation hearing for the post of Secretary of Defense.
The next great battle America faces is likely to involve cyberwarfare, Leon Panetta, the Central Intelligence Agency director, warned senators Thursday, predicting that "the next Pearl Harbor that we confront could very well be a cyberattack that cripples" America’s electrical grid and its security and financial systems.
Tough words from an old warrior (and now former CIA Director). Perhaps the warrior might be a bit too old, as he also offered this quote-worthy bit of scaremongering back in February 2011:
"The potential for the next Pearl Harbor could very well be a cyber-attack," he testified on Capitol Hill Thursday before the House Permanent Select Committee on Intelligence.
The more things change, the more they are the same old shit. Unchanged: using "Pearl Harbor" as shorthand for "unforeseeable bad thing," while simultaneously plucking at patriotic heartstrings by conjuring up the last war the US didn't play to a tie. Savvy. But repetitive.

The most current edition of "cyber-Pearl Harbor" finds Panetta concentrating mostly on infrastructure, thus equating a military surprise attack with some Russian Chinese Iranian hacker flipping the "OFF" switch on the power grid.
“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
Past editions of "Clue: Panetta Edition" haven't been so concentrated on the still-mythic "Cyberterrorists in the Water Main with the Malicious Code." In February 2011, it was "Chinese 'Entities' in the Internet with the Hacking," and a bit of "Anonymous in the EVERYTHING with the LOIC." There was some talk of putting together a joint task force composed of NSA and DHS members. Additional hyperbole was added by Director of National Intelligence James Clapper:
"This threat is increasing in scope and scale, and its impact is difficult to overstate."
Sure is. Especially when you lead in with "cyber-Pearl Harbor." Setting the "overstatement" bar this high does kind of throw off the curve.

June 2011 didn't change much for Panetta's ongoing game of cyber-Clue. Most of the "grilling" during his confirmation hearing revolved around ongoing actual wars, like Afghanistan, Iraq and Libya. Concern was also expressed about "indiscriminate Pentagon budget cuts."

Back to last week, and it's all about the infrastructure. It's as if no one had bothered debunking a recent DHS report about Russian hackers burning out a water pump at an Illinois water facility. Not that it matters, as the DHS was proud to have been involved in a successful FUD operation. Any publicity is good publicity, right? Boring old truth and measured phrases rarely inspire the sort of support needed to shove through questionable legislation and keep the money flowing to the cottage industries that have sprung up like kudzu around the leaky water main that is Washington, DC.

This repeated catchphrase of Panetta's has stuck with him, even as he's shifted loyalties. Back in February 2011, there was talk of DHS/NSA cooperation. Fast-forward to the latest iteration of "cyber-Pearl Harbor" and Panetta's batting for his new home team: the Defense Department, pulling the control (and money) back into the hands of the NSA, the greater of two evils.

Repeat after Panetta:

If you're against cybersecurity legislation, you're for bombing Americans on early December mornings. Can you live with that?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Oct 18th, 2012 @ 1:46pm

    These guys can't keep anything straight.

    I like the "derail passenger trains loaded with lethal chemicals" part myself. Those are called freight trains and they typically don't carry passengers.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      GMacGuffin (profile), Oct 18th, 2012 @ 2:18pm

      Re: These guys can't keep anything straight.

      Yeah man. Hope they don't attack cruise ship oil tankers either.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Keii (profile), Oct 18th, 2012 @ 3:15pm

      Re: These guys can't keep anything straight.

      Well of course the cyber-attackers would hack into the system and make it so the passenger train made a stop at the lethal chemicals plant to attach a tanker, and THEN derailed it. All with cyber attacks. Cyberly.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Capitalist Lion Tamer (profile), Oct 18th, 2012 @ 3:21pm

      Re: These guys can't keep anything straight.

      Maybe the cyber-thugs fill the PASSENGERS with CHEMICALS.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Oct 18th, 2012 @ 3:56pm

        Re: Re: These guys can't keep anything straight.

        No guys, the cyber-terrorists put chemicals in their underpants, socks, and water bottles, sneak onto the trains, and then hack the trains to derail them. It's Internet Pearl Harbor AND Internet 9/11.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        loaderboy (profile), Oct 18th, 2012 @ 4:54pm

        Re: Re: These guys can't keep anything straight.

        Alcohol is only moderately dangerous.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Spaceman Spiff (profile), Oct 21st, 2012 @ 4:24pm

      Re: These guys can't keep anything straight.

      Maybe Panetta burped up a Freudian Slip, in that the NSA or other clandestine US federal agencies may well use passenger trains to ship deadly materiel. A lot of small, high-value freight is shipped that way.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 18th, 2012 @ 1:46pm

    These guys can't keep anything straight.

    I like the "derail passenger trains loaded with lethal chemicals" part myself. Those are called freight trains and they typically don't carry passengers.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Art, Oct 18th, 2012 @ 1:46pm

    “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals."

    I'm unclear on this, how is the internet loading up Amtraks with nerve gas exactly? Is there some administrative web-app for that? www.loadlethalchemicalsontrains.net/admin/login.asp?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    sgt_doom (profile), Oct 18th, 2012 @ 1:47pm

    Huh . . .?????

    Let's see now, all those backdoors and trapdoors in various major software vendors:

    http://publicintelligence.net/nsa-helped-with-windows-7-development/

    And they've been offshoring all the jobs, technology, investment and defense tech (in at least the Clinton and Bush administrations) to China (and elsewhere, but especially China) --- so now we should be worried?????

    Or is this another route to absolute control of the Internet at least on the North American side, by the Wall Street-run gov't????

    Who actually does own AT&T????

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 18th, 2012 @ 2:07pm

    If critical infrastructure is copnnected to the Internet the disconnect it.
    Doen't Amtrack have its own network, they have the rights of way as it need to go where the trains go. Thinking on it, if the train system can be attacked over the Internet, or even over the phone system, the Amtrack board should be charged with criminal negligence. The best defense against an attack is an air gap to any publicly accessible network, as the most likely attack is a disgruntled e3x-employee who knows how the system workss, and has relevant password,access codes.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Oct 18th, 2012 @ 4:16pm

      Re:

      There's no "if"; critical infrastructure IS connected to the internet, via control systems called SCADA. As Wikipedia's article mentions, SCADA software often has vulnerabilities. For example, back in 2007, a nuclear power plant was cracked fairly easily. And in 2010 there was Stuxnet, which was designed to attack SCADA systems.

      Not that Panetta actually intends to fix any of those absurd vulnerabilities, mind. He simply wants to secure funding, none of which would go toward fixing vulnerabilities. (Otherwise how would they be able to keep securing funding?)

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 18th, 2012 @ 2:25pm

    so who keeps voting these morons into office? there has to be a lot of idiots out there!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    sorrykb (profile), Oct 18th, 2012 @ 2:27pm

    Or...

    Maybe cyberFUD promoters would be more successful if they tried the FBI approach: Find some bumbling nutjob with remedial hacking skills, walk him through a plan step by step, provide all required funding and materials (which would, I presume, include a magical remote-controlled Amtrak passenger train filled with fake nerve gas), then hold a triumphant press conference announcing the arrest and takedown of a major cyberterrorist.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      The Real Michael, Oct 19th, 2012 @ 5:08am

      Re: Or...

      So true it hurts. Why just a couple of days ago, the FBI foiled yet another(!) of their self-created terrorist plots. And then the stupid media plasters it on the front page and makes it seems as if the FBI just prevented a catastrophe.

      Their modus operandi appears to be:

      1) Find crazy nutjob(s)
      2) Convince them that America needs to be destroyed
      3) Go over details of phony terrorist plot/false flag operation
      4) Bust would-be terrorists
      5) Use the media to try and scare Americans into complacency, i.e. "Give us more broad-sweeping powers."
      6) Wash, rinse, repeat

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    radarmonkey (profile), Oct 18th, 2012 @ 2:27pm

    Wrong target

    If the systems are vulnerable, then this is an IT issue, not a legislative one! Fix the holes in the network! Don't pass laws adversely affecting innocent citizens that will merely wag a finger at the bad guys and say "Don't do this!"

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 18th, 2012 @ 4:10pm

    The solution is to disconnect any critical infrastructure from the @#$%$@# Internet. Requiring a person to have physical access. Fire the dumb lazy $(@*%$* who hooked 'em up to the Intertubez to begin with. Cyber threats solved!

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That Anonymous Coward (profile), Oct 18th, 2012 @ 7:57pm

      Re:

      I'm sorry I hold the patent on common sense and you have violated my rights. Pay me $42 kajillion dollars or else.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        That One Guy (profile), Oct 18th, 2012 @ 8:07pm

        Re: Re:

        Wait, is that why so few companies these days are using common sense?! Because they can't afford the licensing fees?!

        You... you... fiend! It's your fault all these companies are pulling such insanely stupid stunts!

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    That One Guy (profile), Oct 18th, 2012 @ 6:24pm

    Simple two-step fix:

    Step 1. Stop this guy from going to the movies, he obviously can't tell the difference between the latest Die Hard movie and a documentary.

    Step 2. Get this guy a good psychiatrist, so the problem doesn't pop up later.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Michael, Oct 19th, 2012 @ 5:11am

    Critical Systems

    I have worked on some SCADA systems for water and sewer, and I have never seen one with a tank full of poison attached to it via an internet-controlled valve just waiting to be opened. Perhaps that is something new they have been adding.

    Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday 'quick! poison the cool-aid before they all become zombies' system?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 19th, 2012 @ 9:06am

    I don't get what cybersecurity legislation could possibly do for ANY of those scenarios. I suppose a very broad law forcing legal compliance with best practices for anything labeled 'critical infrastructure' and public reporting of any cyber attacks, and maybe a bit of a spending bill to help upgrade any infrastructure that is hopeless out of date and can't be 'secured' on the digital front.

    Somehow, I get the feeling that this is NOT what they have in mind however.

    "If critical infrastructure is copnnected to the Internet the disconnect it."

    The problem is, if you have any sort of network that extends beyond areas you can physically secure, someone can get into it effortlessly. Give me a pair of RJ45 connectors, a crimp, and a switch. BOOYAH! I agree wtih what you're saying, but you need security anyways. Just not being on the internet won't stop an attacker, or even make them bat an eyelash. Nothing is stopping me from hopping into your private network if your cyber security is weak.

    "Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday 'quick! poison the cool-aid before they all become zombies' system?"

    I think it's less a worry about me running the PoisonAllTheWater.exe, than it is about me shutting down any computer control you may have, or screwing with the power grid. Let me rephrase, I think that's the LEGITIMATE worry.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 13th, 2013 @ 1:07pm

    Siaka

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This