The U.S. military could act pre-emptively if it detects an imminent threat of cyber attack, U.S. Defense Secretary Leon Panetta said on Thursday, urging stronger action to bolster America’s defenses against such plots.

In what was described by U.S. officials as the first major policy speech on cyber security by a defense secretary, Panetta lamented under-investment by America’s private sector and political gridlock in Washington that he said stymied cyber security legislation. He said a presidential executive order was being considered “while we wait for Congress to act.”

Addressing a gathering of business leaders in New York, Panetta warned that unnamed foreign actors were targeting computer control systems that operate chemical, electricity and water plants and those that guide transportation.

“We know of specific instances where intruders have successfully gained access to these control systems. We also know that they are seeking to create advanced tools to attack these systems and cause panic, and destruction, and even the loss of life,” Panetta said.

Aggressors could derail passenger trains, contaminate the water supply or shut down the power grid in much of the country, he said.

Still, he cautioned the gathering of the Business Executives for National Security that although awareness of the threat in America’s private sector had grown, “the reality is that too few companies have invested in even basic cyber security.”

To underscore the degree of concern, Panetta pointed to the August cyber attack on Saudi Arabian state oil company, ARAMCO, blamed on the “Shamoon” virus, and a similar one days later that struck Qatar’s natural gas firm, Rasgas.

“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” he said.

Panetta called the “Shamoon” virus sophisticated and noted that in Saudi Arabia it replaced crucial system files with an image of a burning U.S. flag.