DHS secretary: US could cyberattack countries sponsoring hacks

Kirstjen Nielsen tells the RSA conference the US hasn't ruled out offensive cyberattacks to prevent hacks from other countries.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read
DHS Secretary Kirstjen Nielsen speaks on stage from behind a podium at the RSA Conference in San Francisco.

The US has "a full spectrum of response options" to combat hacking attacks from other countries, Kirstjen Nielsen, the secretary of homeland security, said at the RSA Conference on Tuesday.

RSA Conference 2018

The US hasn't ruled out cyberstrikes against foreign countries and has "a full spectrum of response options" available, Department of Homeland Security Secretary Kirstjen Nielsen said Tuesday.

Speaking to the RSA cybersecurity conference in San Francisco, Nielsen said the US needs to take an assertive stance to stop hacks against its infrastructure. To deter such attacks, she considers the possibility of recommending cyberstrikes when planning responses with other government agencies.

"If we don't start identifying and punishing our assailants, they will overtake us," Nielsen said in prepared remarks. She said Homeland Security wouldn't be the one to conduct a strike, if one is needed. 

Nielsen's comments come as the government and technology community wrestle with the thorny issue of whether countries should carry out cyberattacks in response to hacks committed or funded by foreign governments. No consensus has emerged and many tech companies have declared they won't participate in a cyberstrike. 

Indeed, Microsoft, Facebook and other tech companies signed a pledge on Tuesday not to help governments with such attacks.

Nielsen acknowledged the pledge and agreed with the principle of setting a standard for behavior.

"We need norms," Nielsen said. "We all need to agree as to what these are."

Watch this: DHS secretary says US must fight back on hacking attacks

In an interview with reporters a day earlier, Nielsen said Homeland Security relies on sanctions of all kinds, including economic and diplomatic sanctions. The goal is to make hacking take up more resources and become a less attractive option. 

"We have to raise the cost of the attack," Nielsen said.

In March, the US singled out nearly 20 Russians and leveled economic sanctions for their alleged role in the spread of misinformation around the time of the 2016 US presidential election. The Russians are also believed to have plotted hacks of the US power grid, water supply and air transportation system. 

Nielsen expressed her support for the sanctions, which were announced by the US Treasury Department. 

"We will not tolerate cybermeddling aimed at the heart of our democracy."

Nielsen's remarks come one day after Homeland Security, the FBI and the UK's National Cyber Security Centre publicly warned that Russian hackers have been scouring the internet for unsecured routers to use them to carry out hacking attacks. 

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility. 

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.