Here's a bulletin from RSA: I just watched Secretary of Homeland Security Kirstjen Nielsen issue a warning to cyber attackers of all types.
"I have a news flash for America's adversaries. Complacency is being replaced by consequences." I first reported this in my Live Blog: Lost at RSA 2018.
That warning is a definite change of tone, and it is all part of what the Secretary described as a "more forward-leaning strategy" on the cyber front.
5 changes Homeland Security is making around cybersecurity
Secretary Nielsen told the audience that we're at the point where regular Americans (not just those in InfoSec) are starting to see that our security as a nation is linked to cybersecurity. And DHS is changing its stance in five key areas to go along with that new urgency.
- Systemic risk will be hit head on. We must be more aware of weaknesses and the cascading consequences because of our interconnectivity.
- "Hyperconnectivity means my risk is now your risk, your risk is now my risk. We have
a weakestlink problem," she says. Collective defense is the key to long-term strategy. We must crowdsource to warn of attacks and crowdsource the proper response. "We need your help."
- Federal efforts around cybersecurity will increase implementation. DHS will help enable better supply chain security. "We want to help companies move from first to market, to first to market and secure.”
- Encouraging redundancy in cybersecurity. "In an era of APT, we must focus on advanced persistence resistance. We must be obsessed with redundancy" so that when systems fail in an attack, they fail gracefully. That is, our technology doesn't crash; instead, it switches to a backup, so any loss of connectivity is very limited. Think how this could apply to attacks on critical infrastructure or America's financial system.
- Our digital lives depend on cyber deterrence. “I have a newsflash for America’s adversaries. Complacency is being replaced by consequences.“ She says the days are coming to an end where America is attacked without implications for the other side—although she didn't give any details on this.
The Secretary says these changes are needed so the benefits from our connectivity do not get outweighed by the downside of that connectivity. And if we don't make these changes? Well, expect to pay a price.
"The threat picture is getting dimmer, not brighter," she says. "Cyber is not just a target, it is also a weapon."