Defense Secretary Leon Panetta Recycles His 'Cyber-Pearl Harbor' FUD... Third Time's The Charm?

from the if-at-first-you-don't-succeed,-beat-that-dead-horse dept

Thu, Oct 18th 2012 1:39pm — Tim Cushing

A recent (failed) push to enact cybersecurity legislation has resulted in some interesting maneuvering in Washington, DC. Rep. Mike Rogers, who introduced CISPA, is trying to revive his lousy legislation by telling scary stories that are short on detail, but long on FUD. Other interested parties are hoping to bypass the legislative process altogether and get an executive order pushed through. The "process" has become so chaotic that politicians are finding themselves hurriedly agreeing to stuff that contradicts the other stuff.

Of all the people that believe Something Must Be Done, cybersecurity-wise, one of the pithiest has been Secretary of Defense Leon Panetta, who issued a memorable pull-quote on October 11th in a speech at the Intrepid Sea, Air and Space Museum, warning that the United States was facing the possibility of a "cyber-Pearl Harbor."

A dire situation indeed, if true. Panetta is worried about critical infrastructure being sabotaged by cyberterrorists and is totally not just pushing his own agenda.* According to defense officials, "Mr. Panetta's words were not hyperbole."

(*Panetta is totally pushing his own agenda... those same defense officials "acknowledged that Mr. Panetta was also pushing for legislation on Capitol Hill.")

Yes. Panetta is non-hyperbolically pushing his own agenda. The problem is that, while the CISPA/executive order debacle is fairly recent, Panetta's "cyber-Pearl Harbor" has the ring of a worn-out catchphrase, severely limiting the impact of those somewhat stirring words.

Let's go back to June 2011, when Panetta was holding forth during his confirmation hearing for the post of Secretary of Defense.

The next great battle America faces is likely to involve cyberwarfare, Leon Panetta, the Central Intelligence Agency director, warned senators Thursday, predicting that "the next Pearl Harbor that we confront could very well be a cyberattack that cripples" America’s electrical grid and its security and financial systems.

Tough words from an old warrior (and now former CIA Director). Perhaps the warrior might be a bit too old, as he also offered this quote-worthy bit of scaremongering back in February 2011:

"The potential for the next Pearl Harbor could very well be a cyber-attack," he testified on Capitol Hill Thursday before the House Permanent Select Committee on Intelligence.

The more things change, the more they are the same old shit. Unchanged: using "Pearl Harbor" as shorthand for "unforeseeable bad thing," while simultaneously plucking at patriotic heartstrings by conjuring up the last war the US didn't play to a tie. Savvy. But repetitive.

The most current edition of "cyber-Pearl Harbor" finds Panetta concentrating mostly on infrastructure, thus equating a military surprise attack with some ~~Russian~~ ~~Chinese~~ Iranian hacker flipping the "OFF" switch on the power grid.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Past editions of "Clue: Panetta Edition" haven't been so concentrated on the still-mythic "Cyberterrorists in the Water Main with the Malicious Code." In February 2011, it was "Chinese 'Entities' in the Internet with the Hacking," and a bit of "Anonymous in the EVERYTHING with the LOIC." There was some talk of putting together a joint task force composed of NSA and DHS members. Additional hyperbole was added by Director of National Intelligence James Clapper:

"This threat is increasing in scope and scale, and its impact is difficult to overstate."

Sure is. Especially when you lead in with "cyber-Pearl Harbor." Setting the "overstatement" bar this high does kind of throw off the curve.

June 2011 didn't change much for Panetta's ongoing game of cyber-Clue. Most of the "grilling" during his confirmation hearing revolved around ongoing actual wars, like Afghanistan, Iraq and Libya. Concern was also expressed about "indiscriminate Pentagon budget cuts."

Back to last week, and it's all about the infrastructure. It's as if no one had bothered debunking a recent DHS report about Russian hackers burning out a water pump at an Illinois water facility. Not that it matters, as the DHS was proud to have been involved in a successful FUD operation. Any publicity is good publicity, right? Boring old truth and measured phrases rarely inspire the sort of support needed to shove through questionable legislation and keep the money flowing to the cottage industries that have sprung up like kudzu around the leaky water main that is Washington, DC.

This repeated catchphrase of Panetta's has stuck with him, even as he's shifted loyalties. Back in February 2011, there was talk of DHS/NSA cooperation. Fast-forward to the latest iteration of "cyber-Pearl Harbor" and Panetta's batting for his new home team: the Defense Department, pulling the control (and money) back into the hands of the NSA, the greater of two evils.

Repeat after Panetta:

If you're against cybersecurity legislation, you're for bombing Americans on early December mornings. Can you live with that?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cyber pearl harbor, cybersecurity, fud, leon panetta

30 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 18 Oct 2012 @ 1:46pm

These guys can't keep anything straight.
I like the "derail passenger trains loaded with lethal chemicals" part myself. Those are called freight trains and they typically don't carry passengers.
[ link to this | view in chronology ]
- GMacGuffin (profile), 18 Oct 2012 @ 2:18pm
  
  Re: These guys can't keep anything straight.
  Yeah man. Hope they don't attack cruise ship oil tankers either.
  [ link to this | view in chronology ]
- Keii (profile), 18 Oct 2012 @ 3:15pm
  
  Re: These guys can't keep anything straight.
  Well of course the cyber-attackers would hack into the system and make it so the passenger train made a stop at the lethal chemicals plant to attach a tanker, and THEN derailed it. All with cyber attacks. Cyberly.
  [ link to this | view in chronology ]
- Capitalist Lion Tamer (profile), 18 Oct 2012 @ 3:21pm
  
  Re: These guys can't keep anything straight.
  Maybe the cyber-thugs fill the PASSENGERS with CHEMICALS.
  [ link to this | view in chronology ]
  - Anonymous Coward, 18 Oct 2012 @ 3:56pm
    
    Re: Re: These guys can't keep anything straight.
    No guys, the cyber-terrorists put chemicals in their underpants, socks, and water bottles, sneak onto the trains, and then hack the trains to derail them. It's Internet Pearl Harbor AND Internet 9/11.
    [ link to this | view in chronology ]
  - loaderboy (profile), 18 Oct 2012 @ 4:54pm
    
    Re: Re: These guys can't keep anything straight.
    Alcohol is only moderately dangerous.
    [ link to this | view in chronology ]
- Spaceman Spiff (profile), 21 Oct 2012 @ 4:24pm
  
  Re: These guys can't keep anything straight.
  Maybe Panetta burped up a Freudian Slip, in that the NSA or other clandestine US federal agencies may well use passenger trains to ship deadly materiel. A lot of small, high-value freight is shipped that way.
  [ link to this | view in chronology ]
Anonymous Coward, 18 Oct 2012 @ 1:46pm

These guys can't keep anything straight.
I like the "derail passenger trains loaded with lethal chemicals" part myself. Those are called freight trains and they typically don't carry passengers.
[ link to this | view in chronology ]
Art, 18 Oct 2012 @ 1:46pm

�They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals."

I'm unclear on this, how is the internet loading up Amtraks with nerve gas exactly? Is there some administrative web-app for that? www.loadlethalchemicalsontrains.net/admin/login.asp?
[ link to this | view in chronology ]
- :Lobo Santo (profile), 18 Oct 2012 @ 1:57pm
  
  Re: ;-P
  Alright, that link totally doesn't work.
  [ link to this | view in chronology ]
  - Josh in CharlotteNC (profile), 18 Oct 2012 @ 2:18pm
    
    Re: Re: ;-P
    That's just what the hackers want you to think. You have to know how to get past the fake 404 page with a super secret hacker thing.
    [ link to this | view in chronology ]
sgt_doom (profile), 18 Oct 2012 @ 1:47pm

Huh . . .?????
Let's see now, all those backdoors and trapdoors in various major software vendors:

http://publicintelligence.net/nsa-helped-with-windows-7-development/

And they've been offshoring all the jobs, technology, investment and defense tech (in at least the Clinton and Bush administrations) to China (and elsewhere, but especially China) --- so now we should be worried?????

Or is this another route to absolute control of the Internet at least on the North American side, by the Wall Street-run gov't????

Who actually does own AT&T????
[ link to this | view in chronology ]
- Anonymous Coward, 18 Oct 2012 @ 3:01pm
  
  Re: Huh . . .?????
  Moon Nazis.
  [ link to this | view in chronology ]
Anonymous Coward, 18 Oct 2012 @ 2:07pm

If critical infrastructure is copnnected to the Internet the disconnect it.
Doen't Amtrack have its own network, they have the rights of way as it need to go where the trains go. Thinking on it, if the train system can be attacked over the Internet, or even over the phone system, the Amtrack board should be charged with criminal negligence. The best defense against an attack is an air gap to any publicly accessible network, as the most likely attack is a disgruntled e3x-employee who knows how the system workss, and has relevant password,access codes.
[ link to this | view in chronology ]
- Anonymous Coward, 18 Oct 2012 @ 4:16pm
  
  Re:
  There's no "if"; critical infrastructure IS connected to the internet, via control systems called SCADA. As Wikipedia's article mentions, SCADA software often has vulnerabilities. For example, back in 2007, a nuclear power plant was cracked fairly easily. And in 2010 there was Stuxnet, which was designed to attack SCADA systems.
  
  Not that Panetta actually intends to fix any of those absurd vulnerabilities, mind. He simply wants to secure funding, none of which would go toward fixing vulnerabilities. (Otherwise how would they be able to keep securing funding?)
  [ link to this | view in chronology ]
  - abc gum, 18 Oct 2012 @ 5:09pm
    
    Re: Re:
    "critical infrastructure IS connected to the internet"
    
    This is problem then ... duh!
    [ link to this | view in chronology ]
Anonymous Coward, 18 Oct 2012 @ 2:25pm

so who keeps voting these morons into office? there has to be a lot of idiots out there!
[ link to this | view in chronology ]
- Jay (profile), 18 Oct 2012 @ 7:07pm
  
  Re:
  Panetta wasn't elected...
  [ link to this | view in chronology ]
sorrykb (profile), 18 Oct 2012 @ 2:27pm

Or...
Maybe cyberFUD promoters would be more successful if they tried the FBI approach: Find some bumbling nutjob with remedial hacking skills, walk him through a plan step by step, provide all required funding and materials (which would, I presume, include a magical remote-controlled Amtrak passenger train filled with fake nerve gas), then hold a triumphant press conference announcing the arrest and takedown of a major cyberterrorist.
[ link to this | view in chronology ]
- The Real Michael, 19 Oct 2012 @ 5:08am
  
  Re: Or...
  So true it hurts. Why just a couple of days ago, the FBI foiled yet another(!) of their self-created terrorist plots. And then the stupid media plasters it on the front page and makes it seems as if the FBI just prevented a catastrophe.
  
  Their modus operandi appears to be:
  
  1) Find crazy nutjob(s)
  2) Convince them that America needs to be destroyed
  3) Go over details of phony terrorist plot/false flag operation
  4) Bust would-be terrorists
  5) Use the media to try and scare Americans into complacency, i.e. "Give us more broad-sweeping powers."
  6) Wash, rinse, repeat
  [ link to this | view in chronology ]
radarmonkey (profile), 18 Oct 2012 @ 2:27pm

Wrong target
If the systems are vulnerable, then this is an IT issue, not a legislative one! Fix the holes in the network! Don't pass laws adversely affecting innocent citizens that will merely wag a finger at the bad guys and say "Don't do this!"
[ link to this | view in chronology ]
- Robert (profile), 18 Oct 2012 @ 2:56pm
  
  Re: Wrong target
  Clearly it is about control over the Internet.
  [ link to this | view in chronology ]
  - Gary, 19 Oct 2012 @ 4:09pm
    
    Re: Re: Wrong target
    You may be right about control but I kins of wonder if it isn't fear of the big scary internet.
    [ link to this | view in chronology ]
Anonymous Coward, 18 Oct 2012 @ 4:10pm

The solution is to disconnect any critical infrastructure from the @#$%$@# Internet. Requiring a person to have physical access. Fire the dumb lazy $(@*%$* who hooked 'em up to the Intertubez to begin with. Cyber threats solved!
[ link to this | view in chronology ]
- That Anonymous Coward (profile), 18 Oct 2012 @ 7:57pm
  
  Re:
  I'm sorry I hold the patent on common sense and you have violated my rights. Pay me $42 kajillion dollars or else.
  [ link to this | view in chronology ]
  - That One Guy (profile), 18 Oct 2012 @ 8:07pm
    
    Re: Re:
    Wait, is that why so few companies these days are using common sense?! Because they can't afford the licensing fees?!
    
    You... you... fiend! It's your fault all these companies are pulling such insanely stupid stunts!
    [ link to this | view in chronology ]
That One Guy (profile), 18 Oct 2012 @ 6:24pm

Simple two-step fix:
Step 1. Stop this guy from going to the movies, he obviously can't tell the difference between the latest Die Hard movie and a documentary.

Step 2. Get this guy a good psychiatrist, so the problem doesn't pop up later.
[ link to this | view in chronology ]
Michael, 19 Oct 2012 @ 5:11am

Critical Systems
I have worked on some SCADA systems for water and sewer, and I have never seen one with a tank full of poison attached to it via an internet-controlled valve just waiting to be opened. Perhaps that is something new they have been adding.

Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday 'quick! poison the cool-aid before they all become zombies' system?
[ link to this | view in chronology ]
Anonymous Coward, 19 Oct 2012 @ 9:06am

I don't get what cybersecurity legislation could possibly do for ANY of those scenarios. I suppose a very broad law forcing legal compliance with best practices for anything labeled 'critical infrastructure' and public reporting of any cyber attacks, and maybe a bit of a spending bill to help upgrade any infrastructure that is hopeless out of date and can't be 'secured' on the digital front.

Somehow, I get the feeling that this is NOT what they have in mind however.

"If critical infrastructure is copnnected to the Internet the disconnect it."

The problem is, if you have any sort of network that extends beyond areas you can physically secure, someone can get into it effortlessly. Give me a pair of RJ45 connectors, a crimp, and a switch. BOOYAH! I agree wtih what you're saying, but you need security anyways. Just not being on the internet won't stop an attacker, or even make them bat an eyelash. Nothing is stopping me from hopping into your private network if your cyber security is weak.

"Why do these guys seem to think that every piece of critical infrastructure we have in this country is somehow attached to either a remote self-destruct button or some kind of doomsday 'quick! poison the cool-aid before they all become zombies' system?"

I think it's less a worry about me running the PoisonAllTheWater.exe, than it is about me shutting down any computer control you may have, or screwing with the power grid. Let me rephrase, I think that's the LEGITIMATE worry.
[ link to this | view in chronology ]
Anonymous Coward, 13 Mar 2013 @ 1:07pm

Siaka
[ link to this | view in chronology ]