The recent string of cyberattacks on some of the largest U.S. banks may foreshadow more destructive digital assaults on the nation's critical infrastructure to come.
Defense Secretary Leon Panetta says that while financial institutions have weathered cyberattacks before, the slowdowns that have struck banks recently are notable for their velocity.
"In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called distributed denial of service attacks," Panetta told the Business Executives for National Security, a nonpartisan group, at a speech Thursday in New York. "These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented."
Panetta said a cyberattack attack in August against Saudi Arabia's state oil company that destroyed more than 30,000 computers may be the worst cyberattack on a business so far and shows the types of events that preoccupy the nation's defenders.
"The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country," Panetta added. "The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. "
The defense secretary urged Congress to take up a measure that would give the government new ways to protect power plants, transportation systems and other critical infrastructure from cyberattacks after 46 senators voted in August to block it. Panetta said the Obama administration may issue an executive order to increase the sharing of information about threats among the government and private industry, although he added the order would not substitute for comprehensive cybersecurity legislation.
Panetta's comments come amid a series of denial of service attacks aimed at three more U.S. banks. Capital One (COF), SunTrust Banks (STI) and Regents Financial (RFI) all saw their websites slow this week following another wave of attacks. A group that calls itself the Izz ad-Din al-Quassam Cyber Fighters claimed responsibility for the assault, which continues a campaign the group has waged against U.S. banks since September in retaliation for an American-made, anti-Islamic film.
In all, at least nine banks have seen their online banking services stall intermittently since September as a result of attackers' flooding the lines to prevent customers from retrieving their accounts.
Cybersecurity experts also say the latest assaults on financial targets may be the most refined yet. "The attacks are sophisticated, some of this we haven't seen before," William Nelson, chief executive of the Financial Services Information Sharing and Analysis Center, told reporters this week in Washington, D.C. "If this [kind of DDOS attack] becomes the norm, we need to do more than we are today."
Nelson's group, which aggregates security threat information from banks, has advised members since September to "maintain a heightened level of awareness" and "ensure constant diligence in monitoring" for cyberattacks.
At least one bank CEO is echoing the defense secretary's remarks. Cybercrime is "a big deal, it's going to get worse," JPMorgan Chase chief executive Jamie Dimon told an audience at the Council on Foreign Relations on Wednesday in Washington, D.C. "We've got these major security centers and we work with the governments around the world to protect ourselves."
Dimon said he's in favor of cybersecurity law that would strengthen current safeguards, provided the government works collaboratively with business to implement it. "The CIA, the NSA, the Department of Defense, they actually know when these attacks are at the border sometimes," said Dimon. "We don't."