DHS giving ‘active defense’ cyber tools to private sector, secretary says

DHS giving ‘active defense’ cyber tools to private sector, secretary says
© Greg Nash

The Department of Homeland Security is providing tools and resources to private companies to engage in “active defense” against cyber threats, its secretary said Tuesday, a practice that has drawn scrutiny from some legal and cybersecurity experts.

Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenTucker Carlson says he 'can't really' dine out anymore because people keep yelling at him Top Judiciary Dems call for unredacted 'zero tolerance' memo The Hill's Morning Report — Presented by PhRMA — Dem path to a Senate majority narrows MORE told a Senate panel that “active defense” is part of the department’s engagement with the private sector. 

“There is wide disagreement with respect to what it means,” Nielsen said during a Senate Judiciary Committee hearing. “What it means is, we want to provide the tools and resources to the private sector to protect their systems.” 


“So, if we can anticipate or we are aware of a given threat — and as you know, we’ve gone to great lengths this year to work with the [intelligence] community to also include otherwise classified information with respect to malware, botnets, other types of infections — we want to give that to the private sector so that they can proactively defend themselves before they are in fact attacked,” Nielsen explained. 

Active defense measures, which fall on the spectrum between passive defense and offensive actions, can involve companies going outside their networks to disrupt attacks, identify attackers or retrieve stolen data. Companies might also use beacon technology to determine the physical location of an attacker if files are stolen. 

Nielsen did not go into detail about the active defense measures that the Homeland Security Department is supporting in the private sector. 

A House bill introduced by Reps. Tom GravesJohn (Tom) Thomas GravesTrump and son signal support for McCarthy as next Speaker The stakes are sky-high for the pro-life cause in the upcoming midterms Dem senator: Congress should consider allowing companies to 'hack back' after cyberattacks MORE (R-Ga.) and Kyrsten Sinema (D-Ariz.) that would allow companies to engage in a range of active defense measures has attracted bipartisan support and triggered debate about the advantages and pitfalls of letting companies retaliate against hackers. 

Some critics say that active defense measures would amount to “hacking back” and come with a host of legal and security risks. Proponents, meanwhile, say they would better allow companies to monitor and stop attacks.

"The status quo is not acceptable anymore," Graves told The Hill in November. 

Nielsen was responding to questions during the hearing from Sen. Orrin HatchOrrin Grant HatchGOP leaders hesitant to challenge Trump on Saudi Arabia Congress should work with Trump and not 'cowboy' on Saudi Arabia, says GOP senator US to open trade talks with Japan, EU, UK MORE (R-Utah), who said that characterizations of active defense as “hacking back” are “inaccurate.”

Hatch asked the Homeland Security secretary whether current law imposes any unnecessary restrictions on private companies’ ability to deploy active defense tools. Nielsen signaled that the department is examining whether there are any legal barriers hindering efforts by companies to protect their data and consumers. 

“It’s rather complicated,” Nielsen said. “There are some limitations with respect to liability, there are other questions with respect to insurance, and we do need to continue to work with the private sector to understand if there are any barriers that could prevent them from taking measures to protect themselves and the American people.”

As part of its broad mission, Homeland Security is responsible for engaging with the private sector and critical infrastructure owners on cybersecurity threats.