The Department of Homeland Security is providing tools and resources to private companies to engage in “active defense” against cyber threats, its secretary said, a practice that has drawn scrutiny from some legal and cybersecurity experts.
Homeland Security Secretary Kirstjen Nielsen told a Senate panel that “active defense” is part of the department’s engagement with the private sector. “There is wide disagreement with respect to what it means,” Nielsen said during a Senate Judiciary Committee hearing. “What it means is, we want to provide the tools and resources to the private sector to protect their systems.”
“So, if we can anticipate or we are aware of a given threat — and as you know, we’ve gone to great lengths this year to work with the [intelligence] community to also include otherwise classified information with respect to malware, botnets, other types of infections — we want to give that to the private sector so that they can proactively defend themselves before they are in fact attacked,” Nielsen explained.
Active defense measures, which fall on the spectrum between passive defense and offensive actions, can involve companies going outside their networks to disrupt attacks, identify attackers or retrieve stolen data. Companies might also use beacon technology to determine the physical location of an attacker if files are stolen.