Building a slide deck, pitch, or presentation? Here are the big takeaways:
- A top DHS official spoke at the RSA conference on how the agency will use its tools to find and punish malicious cyber actors.
- At RSA, 34 companies signed the Cybersecurity Tech Accord, vowing not help governments launch cyberattacks.
Kirstjen Nielsen, the United States Secretary of Homeland Security, spoke at the 2018 RSA conference in San Francisco about how the agency is working harder to find and punish malicious cyber actors. As noted by our sister site ZDNet, Nielsen went as far as to say that “cybersecurity is national security.”
Nielsen said that the government would use its tools and capabilities to take down its adversaries. She also warned that new consequences would be replacing former complacency.
“We will not stand on the sidelines while our networks are compromised,” Nielsen said at the conference. She later added that the government “will not tolerate cyber meddling aimed at the heart of our democracy.”
SEE: Network security policy (Tech Pro Research)
As noted by ZDNet, Nielsen’s warnings come on the heels of a joint statement from the US and UK governments, warning of router-based attacks and more coming from government-based hackers.
In her comments, Nielsen seems to be alluding to the use of controversial offensive cyber capabilities. This has been referred to in many tech circles as the ability to “hack back,” and was illegal for private sector companies for a long time.
“This concept of ‘hack back’ has so many different dimensions,” Nielsen said. “It’s not one particular action.”
Nielsen also encouraged collaboration between public and private sector firms, asking businesses to “flag the risks you are seeing” in the industry. But it may be difficult for companies to trust the DHS, when it was recently found that the agency’s own security was lacking.
At the same time that Nielsen was calling for this collaboration between tech companies and government, 34 tech companies signed the Cybersecurity Tech Accord. In this document, they agreed not to “help governments launch cyberattacks against innocent citizens and enterprises.” So, it doesn’t seem that these companies will be first in line to help the DHS.
Still, firms like Google have been known to help the US government, using artificial intelligence (AI) to analyze drone footage. But, that work recently led to a massive employee protest.
The differing views on cyberattacks harken back the recent plight of tech companies fighting against the US government’s desire for encryption back doors in their products. As companies like Apple won customer loyalty by promising to protect user privacy, it may be similar in the future for tech firms to claim no involvement with offensive government cyberattacks.