Leon Panetta said the country was preparing to take pre-emptive action if a serious cyber-attack was imminent.
He said US intelligence showed “foreign actors” were targeting control systems for utilities, industry and transport.
Advanced tools were being created to subvert key computer control systems and wreak havoc, said Mr Panetta.
“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,” said Mr Panetta in a speech to business leaders held on the USS Intrepid – a former aircraft carrier that is now a museum.
“They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.
“Such a destructive cyber-terrorist attack could paralyse the nation and create a profound new sense of vulnerability,” he said.
Smaller scale cyber-attacks were now commonplace, said Mr Panetta.
In recent weeks, many large US firms had suffered attacks that had involved them being bombarded with huge amounts of data, he said. In addition, oil companies in Qatar and Saudi Arabia had been hit by the Shamoon attack, which had tried to replace computer data with gibberish. About 30,000 machines were hit by the Shamoon attack.
The US defence department had developed tools to trace attackers, he added, and a cyber-strike force that could conduct operations via computer networks. And it was now finalising changes to its rules of engagement that would define when it could “confront major threats quickly”.
“Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests,” he said.
“If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation, when directed by the president.”