author photo
By SecureWorld News Team
Mon | Aug 20, 2018 | 6:57 AM PDT

A scoop in the Wall Street Journal made headlines around the world.

The paper reports that President Trump quietly loosened many of the internal guidelines the U.S. must follow before launching an offensive cyber attack.

However, our SecureWorld team is not surprised by this news.

And neither is anyone who has been listening to Secretary of Homeland Security Kirstjen Nielsen.

I was in the audience at the 2018 RSA cybersecurity conference when she suddenly took on a bold tone and issued a warning to cyber attackers of all types.

"I have a news flash for America's adversaries. Complacency is being replaced by consequences." I first reported this in our Live Blog: Lost at RSA 2018.

The Secretary describes this as a "more forward-leaning strategy" on the cyber front. The President's move is another piece of that strategy.

5 changes Homeland Security is making in cybersecurity

Secretary Nielsen told the audience that we're at the point where regular Americans (not just those in InfoSec) are starting to see that our security as a nation is linked to cybersecurity. And DHS is changing its stance in five key areas to go along with that new urgency. Pay particular attention to #5.

  1. Systemic risk will be hit head-on. We must be more aware of weaknesses and the cascading consequences because of our interconnectivity.
  2. "Hyperconnectivity means my risk is now your risk, your risk is now my risk. We have a weakest link problem," she says. Collective defense is the key to long-term strategy. We must crowdsource to warn of attacks and crowdsource the proper response. "We need your help."  [Note: It appears the FBI's request to reboot your router was the start of crowdsourcing security.]
  3. Federal efforts around cybersecurity will increase implementation. DHS will help enable better supply chain security. "We want to help companies move from first to market, to first to market and secure.”
  4. Encouraging redundancy in cybersecurity. "In an era of APT, we must focus on advanced persistence resistance. We must be obsessed with redundancy" so that when systems fail in an attack, they fail gracefully. That is, our technology doesn't crash; instead, it switches to a backup, so any loss of connectivity is very limited. Think how this could apply to attacks on critical infrastructure or America's financial system. 
  5. Our digital lives depend on cyber deterrence. “I have a newsflash for America’s adversaries. Complacency is being replaced by consequences.“  And she doubled down on that statement: "Cyber is not just a target, it is also a weapon."

A weapon that just got easier to use for the United States government. 

Comments