SAN FRANCISCO—Secretary of Homeland Security Kirstjen M. Nielsen warned Nation-state adversaries not to launch cyber-attacks against the U.S, during her keynote address on April 17 at the RSA Conference here.
Nielsen’s asserted several times during her keynote that cyber-security isn’t just a concern for individual and enterprises, it’s a national imperative. She stressed that in the modern world, digital security has converged with public security.
“Cyber is now everyone’s problem,” Nielsen said.
Nielsen took aim at nation-state threat actors including North Korea and Russia during her remarks. She said that nation-state threat actors are more sophisticated and sinister than ever before. She commented that while some governments want to weaken U.S defenses, others are just trying to steal intellectual property and personal information in an attempt to advance their own industries and to potentially manipulate Americans.
Nielsen also said that nation-state threat actors are indifferent to collateral damage as noted by the widespread impact that the NotPetya and WannaCry attacks had. The U.S. government formally blamed Russia for NotPetya in February of this year. In December 2017, the U.S. government formally blamed North Korea for the WannaCry attack.
“They think they can get away with it and they have,” Nielsen said. “The consequences have been limited.”
Systemic Risk
Nielsen said that DHS is set to release a formal strategy that will detail how it will respond to systemic risks from nation-states and others with the potential to have broad impact on the U.S.
Given that many technologies are integrated with others, Nielsen said that DHS’ view is that cyber-security needs to be prioritized across all industry sectors. She said that DHS is looking to help mitigate systemic risk in supply chains and share information to help close gaps.
“Our hyper-connectivity means your risk is my risk,” Nielsen said. “That sounds simple, but it means you can no longer protect your self in a vacuum.”
Nielsen added that everyone has a role in making cyber-space more secure, because today everyone is on the front lines of the digital battlefield.
Resilience
“Despite our best efforts we will get hit,” Nielsen said. “So we need to focus on what i call advanced persistent resilience.”
Nielsen said that a resilient system must be able to operate despite attacks and must include redundancy. Nielsen also said that the U.S. will not sit idly by while being attacked by cyber-adversaries. She said that that U.S. will not tolerate election meddling and other forms of nation-state cyber-attack.
Nielsen warned that the concept of hacking back has different dimensions, though she did not specify precisely how the U.S. might respond to a cyber-attack from a nation-state adversary.
“If we don’t stop our adversaries, they will overtake us,” Nielsen said. “I have a newsflash for our adversaries, complacency is being replaced by consequences.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.