A few keystrokes, thousands of miles away. Suddenly, the lights are out, communications systems are down and it’s unclear what happened or who is responsible.
This is the new world of digital destruction. Cyberattacks against our critical infrastructure—the energy grid, emergency services, telecommunications, the financial services sector, and more—have the potential for catastrophic effects disrupting our very way of life.
According to Kirstjen Nielsen, we are facing an urgent, evolving crisis in cyberspace. Our adversaries’ capabilities online are outpacing our stove-piped defenses.
In short, our digital lives are at risk. And we need bold action to fight back.
This threat continues to grow for a number of reasons.
First, our increasing digital interdependence means that your risk is now my risk and my risk is now your risk. A vulnerability that is exploited in one system can result in unpredictable, cascading and widespread consequences—jumping from a tech company one minute to a healthcare provider the next.
Just look to last year, when in a matter of days WannaCry ransomware spread to more than 150 countries, bringing hospitals, car manufacturers and transportation companies to a halt.
“Between government and the private sector, we have the data needed to disrupt, prevent and mitigate cyberattacks. But we aren’t sharing fast enough or collaborating deeply enough to keep cyberattacks from spreading or to prevent them in the first place.”
Second, our cyber rivals are getting more sophisticated.
Years ago, a cyber intrusion might look like a sloppy home break in. The window would be broken, furniture upended and jewelry missing from your bedroom. You knew you’d been hit.
But cybercriminals and nation-states are getting savvier. Now, the door appears to be locked and your house is just as you left it. But in reality, the intruder has already been inside for hours and is waiting for the right moment to strike, undetected.
It is getting harder to detect threat actors as they try to exploit every possible weakness to steal from and manipulate Americans and disrupt and even destroy our critical functions.
Third, we aren’t “connecting the dots” quickly enough.
Between government and the private sector, we have the data needed to disrupt, prevent and mitigate cyberattacks. But we aren’t sharing fast enough or collaborating deeply enough to keep cyberattacks from spreading or to prevent them in the first place.
So what is the Department of Homeland Security doing about it?
We are rethinking homeland security — changing our posture, setting course to confront systemic risk and embracing a new “collective defense” strategy.
Each of us is on the frontlines of the digital battlefield, so we must work together to protect ourselves. Any of us could be the weak link that not only allows adversaries to infect our systems but allows them to spread further into others.
The Department of Homeland Security cannot (and should not) protect every system, every network and every smartphone.
Commentary by Kirstjen Nielsen, U.S. Secretary of Homeland Security.
