Welcome to The Cybersecurity 202! How? How do these creatures continue to astound me? Octopuses are miracles.

Below: CISA orders agencies to secure exposed networks, and Israel approves a probe into a murder investigation involving spyware. First:

Cybersecurity takes center stage in Section 702 push

In its quest to convince Congress to reauthorize a digital surveillance tool by the end of this year, the Biden administration is increasingly looking to bolster its case by invoking cybersecurity.

At a Tuesday hearing of the Senate Judiciary Committee, Biden administration officials trotted out newly declassified details about how surveillance powers granted under what’s known as Section 702 helped ease the damage of one of the most notorious cyberattacks on the United States: the 2021 ransomware attack on Colonial Pipeline that sparked an East Coast fuel panic.

Those authorities helped identify the culprit behind the attack as well as claw back the majority of the ransom payment, said Matt Olsen, assistant attorney general for national security.

It was just one cyber case the administration presented in a sometimes contentious hearing. Section 702 is controversial because, as I wrote elsewhere on Tuesday, lawmakers from both parties are worried that spy agencies have used it to violate the privacy rights of Americans — both under the rules of 702 and via misuse.

Still, Section 702 still has its skeptics in Congress, and top lawmakers have signaled that they want substantive changes to the surveillance powers before they’re re-upped.

The other cyber incidents

In a joint written testimony from the Biden administration witnesses, the NSA, FBI and CIA all cited Section 702’s usefulness for cybersecurity.

Section 702 “is invaluable within our cyber program, as it counters malicious activity from adversaries such as China, Russia, Iran and North Korea, among others,” testified Paul Abbate, deputy director of the FBI.

  • “As crucial as 702 authority is now, it will only become more important over the next five years, as foreign cyberattacks continue to escalate in sophistication and frequency,” he said.

Section 702 authorizes warrantless intelligence collection on foreign targets, some of whom may be communicating with Americans. And the FBI can access that database of communications using Americans’ identifiers, such as their names or email addresses, for foreign intelligence purposes or with evidence of a crime.

Whether the second bit should be allowed without a warrant is a big part of the debate for Congress. Biden administration officials oppose such a requirement and cited cyber examples as instances where quickly accessing the database with U.S. people’s information helped cybersecurity investigations.

The FBI was investigating a cyberattack against a critical infrastructure target in the United States, and used Section 702 powers to query the database with Americans’ identifiers, said Matt Olsen, assistant attorney general for national security. Doing so helped the FBI figure out Chinese hackers were behind the attack, he said. Olsen didn’t say when the attack happened, or against whom.

In another case, the deputy director of the National Security Agency, George Barnes, said Section 702 collection “identified an Iranian ransomware attack against an American nonprofit, and the data we acquired provided the U.S. government with information needed to mitigate the damage and recover the victim organization’s data without resorting to ransom payments.”

Like Olsen, Barnes didn’t provide specific details about when the attack happened or against whom. Senior administration officials who spoke on the condition of anonymity to speak more candidly on the cases said they still needed to keep some details classified to avoid tipping off adversaries to U.S. capabilities. Lawmakers, though, would have more access to those details, the official said.

Tuesday’s hearing wasn’t the first time Biden administration officials have invoked cybersecurity when pressing their case to renew Section 702. An unnamed FBI senior adviser told Tonya Riley at CyberScoop in a story this month that cybersecurity accounts for “about half” or a “plurality” of Section 702 database searches.

The future

Try as they might, though, Biden administration officials didn’t seem to fully win over senators on Tuesday. Many senators expressed at least some interest in renewing Section 702 — but often not in a way that the administration would like.

“I will only support the reauthorization of Section 702 if there are significant, significant reforms,” said Senate Judiciary Chairman Richard J. Durbin (D-Ill.). “And that means first and foremost, addressing the warrantless surveillance of Americans in violation of the Fourth Amendment.”

  • Moreover, the reforms must also include safeguards to prevent future abuses and ensure effective oversight by Congress and the courts,” he continued.

The FBI made procedural changes in 2021 and 2022 intended to reduce the number of U.S. person database queries, and to prevent misuse like the kind found in recently unsealed court documents, Abbate testified.

  • Abbate also touted additional measures Tuesday, with escalating punishments for personnel when there’s “negligence” in their queries.

In response to the administration signaling it wouldn’t oppose codifying the FBI’s procedural changes to make them a matter of law rather than just administration policy, Durbin didn’t sound impressed.

“If the reforms that you’ve mentioned in 2021 are the only reforms that you’re bringing to the committee as we discuss the future of 702, I’ve got to see more,” Durbin said.

But Durbin did say he would work to bridge the gap between Congress’ deep skeptics of Section 702 and those who favor only smaller changes. And his committee is one of the key ones to lay the groundwork for any possible renewal.

The keys

CISA orders agencies to secure exposed network management interfaces within two weeks

The Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday ordered federal civilian agencies to patch exposed network management interfaces within two weeks or take them completely offline.

Zero Trust architecture — a security posture that assumes a network is always at risk of being hacked — must be implemented in the devices or they must be taken off the internet, according to a binding operational directive ordering federal entities to take action. It was issued following “recent threat campaigns” that “underscore the grave risk … posed by improperly configured network devices,” the agency said.

  • A network management interface “is defined as a dedicated device interface that is accessible over network protocols and is meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself,” CISA says.
  • “Too often, threat actors are able to use network devices to gain unrestricted access to organizational networks, in turn leading to full-scale compromise,” CISA Director Jen Easterly said in a statement.
  • “While this Directive only applies to federal civilian agencies, as the threat extends to every sector, we urge all organizations to adopt this guidance,” the statement adds.

France accuses Russia of disinformation campaign across Europe

French authorities on Tuesday said they had identified a Russian foreign influence campaign targeting France and other European countries that has been “amplifying false information” since September, Benoit Berthelot reports for Bloomberg News.

“France’s foreign affairs minister, Catherine Colonna, said it involved the creation of fake web pages impersonating French media including 20 Minutes, Le Monde, Le Parisien and Le Figaro, and government sites, as well as the creation of fake accounts on social networks,” Berthelot writes.

  • The campaign involved Russian-speaking individuals, as well as Russian embassies, cultural institutions and companies, Colonna said.
  • It was used as an attempt “to undermine the conditions for peaceful democratic debate,” Colonna said. “France condemns these actions, which are unworthy of a permanent member of the United Nations Security Council,” she added.

Israeli committee approves judge-led probe into spyware case

An Israeli parliamentary committee on Tuesday approved a draft resolution that asks the government to investigate police use of spyware to investigate a murder, Michael Starr reports for the Jerusalem Post.

Israeli police allegedly used the spyware to intercept communications between computers while investigating a double murder case in the city of Haifa, according to evidence presented in a court last week. Prosecutors withdrew the evidence this month.

  • “The resolution called to investigate the use of illegally procured information by law enforcement and the State Attorney General. Further the draft said that there should be a review of how aware police officials and judges were of the spyware's capabilities during the software's procurement and the issuance of warrants from the court,” Starr writes.
  • It is the first time in Israel’s judicial history where such information was presented before a court as evidence.

Law Committee Chairman Simcha Rothman applauded the move.

  • “A year and a half after the event, there is no one who can say that there is no innocent person sitting in prison on the basis of information that was illegally obtained by this system,” he said, adding that a formal case has yet to be conducted into the matter.

The approval follows the recent establishment of a Knesset subcommittee to probe Israeli police use of Pegasus spyware against citizens.

Government scan

Hill happenings

Global cyberspace

Cyber insecurity

Encryption wars


Secure log off

Thanks for reading. See you tomorrow.

magnifier linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram