DHS Secretary Promises U.S. Will Strike Back Against Cyber Adversaries

SAN FRANCISCO—Homeland Security Secretary Kirstjen Nielsen promised swift and punishing responses to attacks from U.S. cyber adversaries, such as Russia and North Korea, warning that “complacency is being replaced by consequences.”

Nielsen called out digital theft of intellectual property and other cyber meddling during a keynote address Tuesday at the RSA Cybersecurity conference in San Francisco, but focused most intensely on Russia’s digital efforts to undermine the integrity of elections in the U.S. and elsewhere.

“Our cyber defenses help guard our very democracy and all we hold dear,” Nielsen said. “To those who would try to attack our democracy, to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don’t.”

She promised a “full spectrum of response options, both seen and unseen,” to adversary cyberattacks, raising the specter of the U.S. striking back in cyberspace along with the government’s typical responses of indictments and sanctions.  

Actually enforcing consequences that reduce other nations’ cyber belligerence, however, will be far trickier than issuing a broad warning.

The U.S. has directed a panoply of sanctions and criminal indictments against Russian hackers and intelligence agencies during the past two years to little effect. This month, the Trump administration expanded its sanctions to target oligarchs and government officials who might wield influence over Russian President Vladimir Putin.

Despite those sanctions and indictments, Russia likely meddled in elections in Britain, France and Germany in 2017 and is likely to attempt to interfere in the 2018 U.S. midterm elections, government officials say.

Nielsen declined to say, during a meeting with reporters Monday, whether Homeland Security has evidence Russia is already attempting to undermine the 2018 election.

She did say that she has “no reason to believe that they have stopped” previous digital meddling efforts aimed at election infrastructure and other targets. Nielsen’s agency released a broad alert Monday about Russian efforts to penetrate government and critical infrastructure systems.

Even if there’s no evidence of Russian meddling on election night 2018, Nielsen said, Americans should be patient with the election results and not presume results are absolutely final until they have been fully vetted.

“We’re going to have to be a bit more patient than we normally are with the breaking news and assuming that’s the final [result],” Nielsen said. “It could be, but I think we’re going to want to see audits. We’re going to want to see redundancy and we’re going to want to make sure that, in fact, we’ve cross-checked any election results.”

Nielsen’s address Tuesday broadly outlined a long-awaited cybersecurity strategy the White House plans to release in the coming days. One main pillar of that strategy will be a new effort by Homeland Security to supply cybersecurity tools directly to critical infrastructure sectors, such as transportation and healthcare, Nielsen said.

Other priorities in the strategy are: focusing more on systemic cyber risks that cross industry sectors; improving cyber defense cooperation between industries and government; and making digital systems more resilient so they can withstand cyber strikes and continue to operate.