NEW YORK — Defense Secretary Leon E. Panetta warned Thursday that the United States is facing the possibility of a ‘‘cyber-Pearl Harbor’’ and that it was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks, and government.
In a speech at the Intrepid Sea, Air, and Space Museum in New York, Panetta painted a dire picture of how such an attack on the United States might unfold. He said he was reacting to increasing aggressiveness and technological advances by the nation’s adversaries, which officials identified as China, Russia, Iran, and militant groups.
‘‘An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,’’ Panetta said. ‘‘They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.’’
Defense officials insisted that Panetta’s words were not hyperbole and that he was responding to a recent wave of cyberattacks on large US financial institutions. He also cited an attack in August on the state oil company Saudi Aramco, which infected and made useless more than 30,000 computers.
But Pentagon officials acknowledged that Panetta was also pushing for legislation on Capitol Hill. That legislation would require new standards at critical private-sector infrastructure facilities — such as power plants, water treatment facilities, and gas pipelines — where a computer breach could cause significant casualties or economic damage.
In August a cybersecurity bill that had been one of the administration’s national security priorities was blocked by a group of Republicans, led by Senator John McCain of Arizona, who took the side of the US Chamber of Commerce and said it would be too burdensome for corporations.
The most destructive possibilities, Panetta said, involves ‘‘cyberactors launching several attacks on our critical infrastructure at once, in combination with a physical attack on our country.’’ He described the collective result as a ‘‘cyber-Pearl Harbor that would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability.’’
Plea for action
Panetta also argued against the idea that new legislation would be costly for business. ‘‘The fact is that to fully provide the necessary protection, in our democracy, cybersecurity must be passed by Congress,’’ he told his audience, Business Executives for National Security. ‘‘Without it, we are vulnerable.’’
With the legislation stalled, Panetta said President Obama was weighing the option of issuing an executive order that would promote information sharing on cybersecurity between government and private industry. But Panetta made clear that he saw it as a stop-gap measure and that private companies, which are typically reluctant to share internal information with the government, would cooperate fully only if required to by law.
Panetta’s comments, which were his most extensive to date on cyberwarfare, also sought to increase the level of public debate about the Defense Department’s growing capabilities not only to defend but to carry out attacks over computer networks. Even so, he carefully avoided using the words ‘‘offense’’ or ‘‘offensive’’ in the context of US cyberwarfare, instead defining the Pentagon’s capabilities as ‘‘action to defend the nation.’’
The United States has nonetheless engaged in its own cyberattacks, although it has never publicly admitted it. From his first months in office, Obama ordered sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment plants, according to participants in the program. He decided to accelerate the attacks, which were begun in George W. Bush’s administration and code-named Olympic Games, even after an element of the program accidentally became public in 2010.