U.S. Not Prepared for Future Nation-State Cyber Attacks, DHS Head Says
Building bulwarks to defend the U.S. against current nation-state cyber attackers isn’t enough — the ability to anticipate future attacks is what the country lacks, Homeland Security Secretary Kirstjen Nielsen said in remarks delivered on Monday, March 18 at George Washington University.
The Department’s Science and Technology Directorate is hosting the 2019 Cybersecurity and Innovation Showcase this week in Washington, D.C. The March 18 – 20 event is expected to draw 1,000 cybersecurity and technology professionals to some 130 presentations on mobile security, cybersecurity research infrastructure, cybersecurity forensics, identity management and data privacy.
“Our enemies and adversaries have evolved,” Nielsen said. “And the arms of government are swinging too slowly to protect the American people. Let me be clear: we are more secure than ever against the dangers of the last decade. But we are less prepared than ever for those that will find us in the next,” she said.
“America is not prepared for this. Your average private citizen or company is no match against a nation-state such as China, Iran, North Korea, or Russia. It is not a fair fight. And until now our government has done far too little to back them up.” The agency’s overall plan, including cybersecurity, is to integrate its strategies and initiatives across agencies and offices in a more unified approach, the Secretary said.
President Trump’s fiscal 2020 budget proposal calls for nearly $11 billion to be set aside for cybersecurity, most of which would go to the Department of Defense (DoD) and Homeland Security’s initiatives and operations. Under the Administration’s budget proposal some $9.6 billion for cybersecurity would be allocated to the DOD.
What the U.S. lacks in the country’s cyber defenses is an understanding of emerging threats, according to Nielsen. “Failure to look at the future or limiting our thinking based on what we’ve observed in the past, those in and of themselves are risks,” she said. “What worries me, though, is not what these threat actors have done, but what they have the capability to do. The possibilities are limitless,” she said. In particular, Nielsen pointed to “forward deployed” supply chain attacks, in which U.S. adversaries use state-owned companies to launch insider attacks.
“Let me just send one last message to our cyber adversaries,” Nielsen said. “You cannot hide behind your keyboards and computer screens, we are watching you. And no matter what malware you develop, I promise you, the engines of our democracy are far stronger and far more resilient than any code you can write.”