Video: There's a tech duel between threat actors and defenders
The US is prepared to take a more aggressive posture against cyber attackers, Homeland Security Secretary Kirstjen Nielsen said Tuesday, warning adversaries, "Complacency is being replaced by consequences."
"We will not stand on the sidelines while our networks are compromised," she said at the RSA conference in San Francisco. "Will not tolerate cyber meddling aimed at the heart of our democracy."
The federal government will use the tools at its disposal, both "seen and unseen," she said, to call out malicious cyber behavior and to punish it.
"Cybersecurity is national security," she said. "To those who try to attack our democracy... I have a simple word of warning: don't."
The warning comes a day after the US and the UK issued a joint statement warning that government-backed Russian hackers are using compromised routers and other network infrastructure to carry out malicious attacks. The statement marked the first time the US and the UK have issued joint advice to industry on mitigating attacks.
In her remarks Tuesday, Nielsen stressed that cybersecurity is, more than ever, a collective problem. "Hyperconnectivity means my risk is now your risk," she said. Likening a cyber attack to a natural disaster, she said, "If we prepare individually, we all fail collectively."
Deterrence and collective security are two pillars of the forthcoming White House cybersecurity strategy, Nielsen said. The US intends to work more closely with private and public partners, she said, to build up resiliency and deter bad actors.
At the same time the government is ready to act more aggressively against cyber threats, a group of major US tech companies are pledging to stay out of any government-launched cyber attacks. The pledge is part of the new Cybersecurity Tech Accord, which has been signed by 34 companies representing every layer of internet communication.
Asked specifically whether the US is prepared to launch offensive cyber attacks, Nielsen hedged, "This concept of 'hack back' has so many different dimensions. It's not one particular action." Pressed further, Nielsen noted that such actions wouldn't fall under the purview of DHS but that all options are considered within interagency conversations.
Nielsen encouraged cybersecurity experts in the private sector to work with the public sector: "Tell us what you need from DHS, flag the risks you are seeing," she said. She also encouraged them to serve as evangelists within the business community, promoting the notion that "security is a core business function."
She also said the public sector should step up its assistance to businesses, becoming "federal empowerers" rather than just regulators.