While Panetta chose his words carefully, one cybersecurity expert said the Pentagon chief’s message to Iran in the speech was evident.
“It’s not something where people are throwing down the gauntlet, but I think Panetta comes pretty close to sending a clear warning (to Iran): We know who it was, maybe you want to think twice before you do it again,” said cybersecurity expert James Lewis, who is with the Center for Strategic and International Studies. “I think the Iranians will put two and two together and realize he’s sending them a message.”
He said Panetta’s remarks were an important step by the U.S. because the Iranian cyberthreat “is a new dimension in 30 years of intermittent conflict with Iran for which we are ill-prepared. It’s really important to put them on notice.”
The cyberattacks hit the Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas using a virus, known as Shamoon, which can spread through networked computers and ultimately wipes out files by overwriting them.
Senior defense officials said the information was declassified so that Panetta could make the public remarks. The officials added that the Pentagon is particularly concerned about the growing Iranian cyber capabilities, as well as the often discussed threats from China and Russia. The two officials spoke on condition of anonymity because they were not authorized to discuss the cyberthreats publicly.
In his speech, Panetta said the Shamoon virus replaced crucial system files at Aramco with the image of a burning U.S. flag, and also overwrote all data on the machine, rendering more than 30,000 computers useless and forcing them to be replaced. He said the Qatar attack was similar.
Panetta offered no new details on the Pentagon’s growing cyber capabilities or the military rules of engagement the department is developing to guide its use of computer-based attacks when the U.S. is threatened.