DHS secretary talks cybersecurity, safeguarding future elections

LOS ANGELES -- In a rare joint alert, U.S. and British intelligence officials are warning that Russian hackers are trying to commandeer home computers in this country, to lay the groundwork for future cyber attacks. The concern centers on Wi-Fi enabled devices, known as the "Internet of Things."

Millions of machines are potentially vulnerable because of lax security, and these devices can be found in everyday homes. CBS News' Jamie Yuccas sat down with Homeland Security Secretary Kirstjen Nielsen to learn more.


Homeland Security Secretary Kirstjen Nielsen talks to CBS News' Jamie Yuccas


Secretary Kirstjen Nielsen: They were exploiting and scanning vulnerabilities in networked devices including routers, which we all have in our homes. The purpose of that was to conduct sort of man-in-the-middle activities, which is a quaint phrase, but generally what it means is it can be the person in the middle that takes the traffic and either surveils it, uses it for espionage, changes it, or, what we really worry about, is when it's in the system they can then use that access in the future for potential destructive attacks.

Jamie Yuccas: People have smart homes now. So it's not just your computer that you have to think about the password; you have to think about every piece of information that you're giving up.

Nielsen: Yes. Yes. It's both information and perhaps control. I mean you have to balance that as an individual homeowner in your example. But the gist of it is anything that's connected to the Internet could be attacked through the Internet. So you have to think both about your data and the function of what it is that you're trying to protect against. But more and more as we move into the internet of things, the internet of everything. Everything is hyper connected and we're dependent on it digitally. I think we'll see more and more instances where there are causes of concern for everyday devices.

Yuccas: Well that's when you hear about this type of thing, I think what comes to mind for some people is could the Russians potentially shut off our electricity or have some other type of attack or all of a sudden water systems are shut off. Are we nervous about that at all?

Nielsen: I think we're in a place unfortunately where any time any place there's a vulnerability there is somebody who will seek to exploit it.

Yuccas: That's a word I think is interesting, vulnerability, because I don't think people at home necessarily know what that means. Can you explain what vulnerability is to the average American?

Nielsen: It's like an unlocked door. So it's a system that is not locked down. There is some part of it that is vulnerable to nefarious activity.

Yuccas: So we're talking about passwords need to be changed a lot. What other types of things do you...

Nielsen: There's lots of "hygiene" is what we've called those sorts of things. We hope that everybody takes those. It's not clicking on phishing emails.

Yuccas: That can be easy to do though.

Nielsen: It's so easy to do, and you know it used to be something that you could quite easily spot right. You'd get an email that you just won a million dollars. Chances are you probably didn't win a million dollars so you might not click on it. But now the adversary's so sophisticated through social engineering they might send an email that looks like it's from your sister who's talking about a restaurant sending you a review to click on. Those are much more difficult to spot in the best of days. But for I think an average citizen it just looks like an e-mail from a friend or family member.

Yuccas: So in that case do you call your sister and say 'Hey did you send me this email,' before you ever open it?

Nielsen: I hope you do. I hope you do. But that's certainly not where anyone wants to be. So we have to do more to find ways to fight phishing. I think in the United States that's actually where we see most of the attacks originate, or the method through which most of the malware is distributed is just through that, through emails, phishing emails.

Yuccas: And that happens millions upon millions of times every week.

Nielsen: Yes.

Yuccas: Do you think every American should just assume that their information is out there?

Nielsen: Yes.

Yuccas: And that it can be found by a number of different people?

Nielsen: I do. I think the amount of information that we provide is something that many people don't stop to think about. Every time you sign up for your favorite catalog online and you give them your email, you've given them your email. That's one other company that has your email. When an attacker has your email, they can send you that phishing email and then that can lead to additional information grabs or other disruptive activity. But I do think most Americans would be very surprised how much information they actually have voluntarily put online or given to others, and assume that others could secure it. So I know at DHS we urge everyone to be very cautious but eyes wide open. I mean if you want that coupon from that company then you give them your email address. But you do, you do need to stop and pause and think about the potential downside of that.

Yuccas: What do you want to see happen or what can the Department of Homeland Security do in terms of places like Facebook to lock down and make sure that our election process is a conversation that we as Americans want to be having and not have this outside influence involved in it?

Nielsen: I think first of all the president has made very clear and I've repeated it myself that there is really nothing more sacred than the integrity of our elections for our democracy. Americans have to know their votes are counted and their votes are counted correctly.

Yuccas: Well that's we're less than seven months away from the midterm.

Nielsen: We are.

Yuccas: What specifically is being done to make sure that election process is ready to go?

Nielsen: You know we have to do it in partnership. It's voluntary. So each state's different and each state's maturity on a cyber security continuum, if you will, is different. Essentially we try to work with each one whether it's exercises, whether it's capacity building training, awareness, to help them do what they need to do to support their systems and secure their systems.

Yuccas: When you talk about support, I mean 26 million dollars in securing election infrastructure is what you're looking at.

Nielsen: At DHS. Yes.

Yuccas: That's not a little number.

Nielsen: No it's not. So what we're using, so first of all we're prioritizing helping this particular sector at the moment for hopefully obvious reasons because we do take it that seriously. So whatever their need, we're trying to meet the need as the requests come in.