The United States is no shrinking violet when it comes to cyber attacks.
At the RSA Cybersecurity Conference in San Francisco, Department of Homeland Security (DHS) Secretary Kirstjen Nielsen made it clear that the United States has “a full spectrum of response options” to defend against cyber attacks and hacks.
In particular, Nielsen said the United States has not ruled out offensive cyber attacks against foreign countries as a means of combating hacks against U.S. infrastructure or meddling in U.S. elections.
Protecting the country’s critical infrastructure assets is a growing concern for DHS. Just last month the agency issued a rare public alert about a large-scale Russian cyber campaign targeting U.S. infrastructure.
With the growing risk to infrastructure in mind, Nielsen said she would consider recommending cyber strikes when planning responses with her colleagues at other agencies. However, she did note that DHS would not be the agency to launch a cyber attack.
“We have to raise the cost of the attack,” Nielsen said.
Nielsen’s comments came at the heels of a joint announcement from DHS, FBI, and Britain’s National Cyber Security Center. In an unprecedented joint statement, the agencies warned that Russia is using compromised computer-network equipment to attack U.S. and British companies and government agencies.
“Russian state-sponsored cyber actors are using compromised routers to conduct ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the joint statement said. “The current state of U.S. network devices–coupled with a Russian government campaign to exploit these devices–threatens the safety, security, and economic well-being of the United States.”
Tech companies also took time this week to weigh in on cyber attacks. Tech giants, including Microsoft and Facebook, announced a joint pledge not to assist any government in offensive cyber attacks. The pledge, named the Cybersecurity Tech Accord, promises to protect all customers from attacks regardless of geopolitical or criminal motive.
“We recognize that we live in a new world,” Microsoft President Brad Smith said at the RSA Cybersecurity Conference. “We’re living amidst a generation of new weapons, and where cyberspace has become the new battlefield.”
In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, SAP, Dell, Symantec, FireEye, and Trend Micro. Notably, there were no Russian or Chinese companies included in the pledge. U.S.-based Amazon, Apple, Alphabet (Google’s parent company), and Twitter all sat out of the Cybersecurity Tech Accord.
While the private sector is looking to stay out of the fray, it’s clear Nielsen isn’t afraid of a cyber fight.