Speaking in the opening keynote session of RSA 2018 in San Francisco today, the Honorable Kirstjen Nielsen, secretary, United States Department of Homeland Security (DHS), discussed strategies the DHS is using to reach its cybersecurity goals to protect the country’s citizens and organizations from cyber-attacks, breaches and cybercrime.
“Digital security is converging with personal and physical security, and the public is starting to realize how much both are intertwined,” she said. “The threat picture is getting dimmer, not brighter,” Nielsen added, and “if the past year showed us anything it’s that our cyber-enemies are bolder and savvier than ever before.”
The DHS is therefore responding with a more forward-leading posture, and Nielsen outlined five particular areas that will be addressed to provide a new approach for a new age of security.
The first is a focus on systemic risk; “we must be more aware of vulnerabilities built into the very fabric of the internet, and we must be more aware of single points of failure, concentrated dependencies and cross-cutting, underline functions.” To do that, the DHS is ensuring this perspective shapes all engagement with the private sector and its risk assessments.
The next is collective security, which involves a viewpoint that “your risk is now my risk. It sounds very simple,” Nielsen said, “but what that means is you can no longer protect yourself in a vacuum. We have a weakest link problem and the consequences affect us all – everyone is cyber-vulnerable.” As a result, the DHS aims to have far greater awareness of dangerous threats before they hit networks, but being “faster, smarter and more effective in responding to cyber-incidents” cannot be done alone; “the bad guys are crowdsourcing their attacks, so we need to crowdsource our defenses.”
The third area is a need to refresh thinking about the federal role in cybersecurity, Nielsen said. “I’m not talking about federal regulators,” she explained, “we need to be federal empowerers, using our resources to offer voluntary systems and unique tools to address cyber-market failure.” The DHS approach to this is two-fold: helping creators build defenses into the design and creation of their products, and educating more consumers to be security conscious and ensure services match up with their needs and wants.
Next is an understanding that prevention can only go so far, and we need to “urgently focus on something I have called ‘advanced persistent resilience’,” Nielsen said. The DHS has therefore adopted an aggressive posture on defending election infrastructure.
Lastly, there is a need for better cyber-deterrence, something our digital lives and very way of being now depend on. “If we don’t start identifying and punishing our assailants they will overtake us. As secretary of Homeland Security I am working with my counterparts and President’s cabinet to fight back,” Nielsen concluded.