The NSA has been sharing cyberthreat information on a limited basis with companies that conduct business with the Defense Department. These companies work with sensitive data about weapon systems and technologies and are frequently the targets of cyberspying.
But the loss of valuable information has been eclipsed by fears that an enemy with the proper know-how could cause havoc by sending the computers controlling critical infrastructure systems incorrect commands or infecting them with malicious software. Potential nightmare scenarios include high-speed trains being put on collision courses, blackouts that last days or perhaps even weeks or chemical plants that inadvertently release deadly gases.
Panetta underscored the looming dangers during a speech last week in New York by pointing to the Shamoon virus that destroyed thousands of computer systems owned by Persian Gulf oil and gas companies. Shamoon, which spreads quickly through networked computers and ultimately wipes out files by overwriting them, hit the Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas.
Panetta did not directly connect Iran to the Aramco and RasGas attacks. But U.S. officials believe hackers based in Iran were behind them.
Shamoon replaced files at Aramco with the image of a burning U.S. flag and rendered more than 30,000 computers useless, Panetta said. The attack on RasGas was similar, he said.
A spokeswoman for the National Security Council, Caitlin Hayden, said the administration is consulting with members of Congress and the private sector as the order is being drafted. But she provided no information on when an order would be signed. "Given the gravity of the threats we face in cyberspace, we want to get this right in addition to getting it done swiftly," she said.
Homeland Security Department: http://www.dhs.gov/cybersecurity
Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.