Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Incident & Breach Response
DHS Secretary: US Won't Tolerate Cyber MeddlingDepartment of Homeland Security Soon Will Unveil New Cybersecurity Strategy
Department of Homeland Security Secretary Kirstjen M. Nielsen warns that the U.S. will more aggressively move to punish cyberattackers. Plus the department plans to unveil a new cybersecurity strategy.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
Nielsen, speaking at the 2018 RSA Conference on Tuesday, didn't mince words over what has become increasing frustration over attacks by nation-states. Complacency, she said, "is being replaced by consequences."
"The United States possesses a full spectrum of response options - both seen and unseen - and we will use them to call out malign behavior, punish it, and deter future cyber hostility," according to a transcript of her remarks.
The U.S. has grappled with how to proportionately respond to cyberattacks without triggering an electronic war that could rapidly escalate. The rules around cyber engagement are fuzzy, and there are worries that a tit-for-tat could spiral into physical or economic damage.
" The United States possesses a full spectrum of response options - both seen and unseen - and we will use them to call out malign behavior, punish it and deter future cyber hostility."
Nielsen called out Russia and North Korea. North Korea has been blamed for creating the WannaCry ransomware, which leveraged a leaked NSA tool to cause unseen-before damage. Russia, accused of meddling with the 2016 elections, was also blamed for creating NotPetya, another destructive round of ransomware that followed WannaCry (see NotPetya: From Russian Intelligence, With Love).
"The United States - and our allies - exposed both nations for their reckless actions," she said. "But why would they take such risks in the first place? The answer is simple - they think they can get away with it. And too often they have. The consequences have been limited."
On Monday, the U.S. and U.K. issued an unprecedented joint statement blaming Russia for hacking attacks against routers, switches, firewalls and network intrusion detection systems (see US, UK: Russian Hackers Deeply Embedded in Routers, Switches).
'Savvier Than Before'
Nielsen said that 2017 was the worst year on record for the volume of cyberattacks. She mentioned, in particular, one of the most egregious breaches of the year of credit bureau Equifax (see Analysis: Why Equifax Breach Is So Significant).
She also said nation-states are "bolder, more brazen and savvier than before."
"Several years ago, a cyber intrusion by a foreign rival might look similar to a sloppy home break-in," Nielsen said. "You knew you'd been hit because the window was broken, there were boot marks in the hallway and your favorite electronics were missing."
The objectives of attackers vary, from seeking classified information to intellectual property to trade secrets, she pointed out. Others are seeking to compromise critical infrastructure "so that one day in a conflict they can turn our vital systems against us - or simply turn them off," she said.
"In some ways, we are at a disadvantage because our cyber adversaries have a different risk calculus or cyber activity threshold," she said. "They seem to believe the digital realm is fair game for nefarious activity, and they are often indifferent to collateral damage."
The forthcoming DHS cybersecurity strategy will focus on enhancements in risk identification, vulnerability reduction, threat reduction and consequence mitigation, Nielsen said.
DHS will focus in part on systemic risk, she said. The agency is already working with the technology industry to identify and fix risks within supply chains.
Nielsen also contended that information sharing needs to be improved to create a better collective defense. Within five years, DHS would like to have better awareness before attacks hit networks and be able to "dismantle major illicit cyber networks in minutes, not months."
DHS backs a program called Automated Indicator Sharing, which aims to quickly share technical data that allows organizations to take defensive action. She also cited the Financial Systemic Analysis and Resilience Center, which was set up by bank two years ago to better defend the wholesale payment system.
The U.S. is also putting much effort into securing election infrastructure following Russian interference, which included intrusions in state and local voter registration systems, she said.
"We cannot let it happen again, and that is why DHS has adopted an aggressive posture for helping to defend our election infrastructure," she said.