DHS secretary: Focus on the systemic cyber risks

Block-and-tackle cybersecurity tactics are no longer effective, Kirstjen Nielsen says, so DHS and its partners must act together to address the evolving threats.

Shutterstock image (by Maksim Kabakou): pixelated shield, protection concept.
 

The Department of Homeland Security is working to keep foreign terrorists out of the U.S. through new, beefed-up vetting procedures at borders and overseas, but keeping out cyber attackers is a very different challenge, according to the agency's top official.

DHS Secretary Kirstjen Nielsen said in a Jan. 29 speech that cybersecurity is a significant and shared concern among government and industry stakeholders. "Your risk is now my risk and my risk is yours," she said of cyber risks.

And while DHS stops some 2,000 known or suspected terrorists from physically entering the country a year, Nielsen said, cyber attackers "already here."

The ability to address evolving electronic tactics, from online recruitment of terrorists to cyber attacks and intrusions, must be met with a partnership that can address weak points in U.S. and commercial industry cyber defenses, Nielsen said in her remarks at the Woodrow Wilson Center in Washington.

Nielsen said the National Institute of Standards and Technology's cybersecurity framework should be used as a starting point and promised that the president's cybersecurity strategy would be updated in the "coming months."

Nielsen had much the same message for world leaders at the World Economic Conference in Davos, Switzerland, last week. At that conference, she said an organization's risks don't end at the network's edge. She said DHS has prioritized information sharing with the private sector and is looking to a "collective defense" to reduce known threats and vulnerabilities, freeing up organizations to focus on more sophisticated threats.