U.S. leaders have changed how they view threats in cyberspace and will now increase their focus on the capabilities of potential bad actors, Secretary of Homeland Security Kirstjen Nielsen said Oct. 3 at the Atlantic Council.

“We no longer assume that because a nation state or a criminal organization has the capability they will not use it,” Nielsen said. “We are changing to a posture of assuming that if the capability exists, it could in fact be used against us, and we have to prepare accordingly.”

The remarks came during a speech about the risk of cyberattacks on the United States.

“Without aggressive action on our part to secure our networks, it is only a matter of time before, I believe, we get hit, and hit hard in the homeland,” Nielsen said. “What worries me in this conversation is not what has been done, but what they have the capability to do.”

Nielsen’s comments come weeks after the Trump administration unveiled its national cyber security strategy, which promises to deter cyberattacks and create new red lines.

The new strategy says the United States will launch “an international cyber deterrence initiative” that will build a coalition of allies in cyberspace that will focus on ensuring that “adversaries understand the consequences of their malicious cyber behavior.”

Nielsen also drew a line in the sand for foreign states interfering in the upcoming midterm vote, warning that “any attempt, whether it is successful or unsuccessful to interfere in our elections is an attack on our democracy, and we will take it very seriously.”

Intelligence officials warn that Russia and other foreign countries are trying to influence the 2018 elections. The intelligence community has set up an “election security small group” this May, which monitors foreign influence and feeds information to the FBI and local election officials.

The U.S. does not have evidence that any nation has the intention to disrupt the election infrastructure during the upcoming midterm vote, Nielsen said Oct. 1 during an event at the Washington Post, but warned that foreign countries have the technical capability to do so if they want.