“More than 30,000 computers that it infected (at ARAMCO) were rendered useless, and had to be replaced,” he said.
He also pointed to recent denial-of-service attacks on major U.S. banks, which delayed or disrupted services on customer websites.
One U.S. official, briefing reporters before the speech on condition of anonymity, said the United States knew who carried out the attacks cited in Panetta’s speech, but declined to disclose that information.
TRACKING CYBER ATTACKERS
The United States has long been concerned about cyber warfare capabilities in China, Russia and increasingly from Iran. But one problem has been the difficulty in knowing with certainty where a cyber attack hails from - making potential retaliation difficult.
Panetta said the United States had made significant investments in cyber forensics to address that problem “and we are seeing returns on those investments.”
“Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America,” Panetta said, adding the Pentagon was finalizing the most comprehensive change to the rules of engagement in cyberspace in seven years.
He said that the Department of Defense had a mission to defend the country and would be ready to respond to attacks - or even the emergence of a concrete threat. Such pre-emptive action would occur only under certain, dire scenarios, he said.
“If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us,” he said.