Welcome to The Cybersecurity 202! How? How do these creatures continue to astound me? Octopuses are miracles.

Below: CISA orders agencies to secure exposed networks, and Israel approves a probe into a murder investigation involving spyware. First:

Cybersecurity takes center stage in Section 702 push

In its quest to convince Congress to reauthorize a digital surveillance tool by the end of this year, the Biden administration is increasingly looking to bolster its case by invoking cybersecurity.

At a Tuesday hearing of the Senate Judiciary Committee, Biden administration officials trotted out newly declassified details about how surveillance powers granted under what’s known as Section 702 helped ease the damage of one of the most notorious cyberattacks on the United States: the 2021 ransomware attack on Colonial Pipeline that sparked an East Coast fuel panic.

Those authorities helped identify the culprit behind the attack as well as claw back the majority of the ransom payment, said Matt Olsen, assistant attorney general for national security.

It was just one cyber case the administration presented in a sometimes contentious hearing. Section 702 is controversial because, as I wrote elsewhere on Tuesday, lawmakers from both parties are worried that spy agencies have used it to violate the privacy rights of Americans — both under the rules of 702 and via misuse.

Still, Section 702 has its skeptics in Congress, and top lawmakers have signaled that they want substantive changes to the surveillance powers before they’re re-upped.

The other cyber incidents

In a joint written testimony from the Biden administration witnesses, the NSA, FBI and CIA all cited Section 702’s usefulness for cybersecurity.

Section 702 “is invaluable within our cyber program, as it counters malicious activity from adversaries such as China, Russia, Iran and North Korea, among others,” testified Paul Abbate, deputy director of the FBI.

  • “As crucial as 702 authority is now, it will only become more important over the next five years, as foreign cyberattacks continue to escalate in sophistication and frequency,” he said.

Section 702 authorizes warrantless intelligence collection on foreign targets, some of whom may be communicating with Americans. And the FBI can access that database of communications using Americans’ identifiers, such as their names or email addresses, for foreign intelligence purposes or with evidence of a crime.

Whether the second bit should be allowed without a warrant is a big part of the debate for Congress. Biden administration officials oppose such a requirement and cited cyber examples as instances where quickly accessing the database with U.S. people’s information helped cybersecurity investigations.

The FBI was investigating a cyberattack against a critical infrastructure target in the United States, and used Section 702 powers to query the database with Americans’ identifiers, said Matt Olsen, assistant attorney general for national security. Doing so helped the FBI figure out Chinese hackers were behind the attack, he said. Olsen didn’t say when the attack happened, or against whom.

In another case, the deputy director of the National Security Agency, George Barnes, said Section 702 collection “identified an Iranian ransomware attack against an American nonprofit, and the data we acquired provided the U.S. government with information needed to mitigate the damage and recover the victim organization’s data without resorting to ransom payments.”

Like Olsen, Barnes didn’t provide specific details about when the attack happened or against whom. Senior administration officials who spoke on the condition of anonymity to speak more candidly on the cases said they still needed to keep some details classified to avoid tipping off adversaries to U.S. capabilities. Lawmakers, though, would have more access to those details, the official said.

Tuesday’s hearing wasn’t the first time Biden administration officials have invoked cybersecurity when pressing their case to renew Section 702. An unnamed FBI senior adviser told Tonya Riley at CyberScoop in a story this month that cybersecurity accounts for “about half” or a “plurality” of Section 702 database searches.

The future

Try as they might, though, Biden administration officials didn’t seem to fully win over senators on Tuesday. Many senators expressed at least some interest in renewing Section 702 — but often not in a way that the administration would like.

“I will only support the reauthorization of Section 702 if there are significant, significant reforms,” said Senate Judiciary Chairman Richard J. Durbin (D-Ill.). “And that means first and foremost, addressing the warrantless surveillance of Americans in violation of the Fourth Amendment.”

  • “Moreover, the reforms must also include safeguards to prevent future abuses and ensure effective oversight by Congress and the courts,” he continued.

The FBI made procedural changes in 2021 and 2022 intended to reduce the number of U.S. person database queries, and to prevent misuse like the kind found in recently unsealed court documents, Abbate testified.

  • Abbate also touted additional measures Tuesday, with escalating punishments for personnel when there’s “negligence” in their queries.

In response to the administration signaling it wouldn’t oppose codifying the FBI’s procedural changes to make them a matter of law rather than just administration policy, Durbin didn’t sound impressed.

“If the reforms that you’ve mentioned in 2021 are the only reforms that you’re bringing to the committee as we discuss the future of 702, I’ve got to see more,” Durbin said.

But Durbin did say he would work to bridge the gap between Congress’ deep skeptics of Section 702 and those who favor only smaller changes. And his committee is one of the key ones to lay the groundwork for any possible renewal.

The keys

CISA orders agencies to secure exposed network management interfaces within two weeks

The Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday ordered federal civilian agencies to patch exposed network management interfaces within two weeks or take them completely offline.

Zero Trust architecture — a security posture that assumes a network is always at risk of being hacked — must be implemented in the devices or they must be taken off the internet, according to a binding operational directive ordering federal entities to take action. It was issued following “recent threat campaigns” that “underscore the grave risk … posed by improperly configured network devices,” the agency said.

  • A network management interface “is defined as a dedicated device interface that is accessible over network protocols and is meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself,” CISA says.
  • “Too often, threat actors are able to use network devices to gain unrestricted access to organizational networks, in turn leading to full-scale compromise,” CISA Director Jen Easterly said in a statement.
  • “While this Directive only applies to federal civilian agencies, as the threat extends to every sector, we urge all organizations to adopt this guidance,” the statement adds.

France accuses Russia of disinformation campaign across Europe

French authorities on Tuesday said they had identified a Russian foreign influence campaign targeting France and other European countries that has been “amplifying false information” since September, Benoit Berthelot reports for Bloomberg News.

“France’s foreign affairs minister, Catherine Colonna, said it involved the creation of fake web pages impersonating French media including 20 Minutes, Le Monde, Le Parisien and Le Figaro, and government sites, as well as the creation of fake accounts on social networks,” Berthelot writes.

  • The campaign involved Russian-speaking individuals, as well as Russian embassies, cultural institutions and companies, Colonna said.
  • It was used as an attempt “to undermine the conditions for peaceful democratic debate,” Colonna said. “France condemns these actions, which are unworthy of a permanent member of the United Nations Security Council,” she added.

Israeli committee approves judge-led probe into spyware case

An Israeli parliamentary committee on Tuesday approved a draft resolution that asks the government to investigate police use of spyware to investigate a murder, Michael Starr reports for the Jerusalem Post.

Israeli police allegedly used the spyware to intercept communications between computers while investigating a double murder case in the city of Haifa, according to evidence presented in a court last week. Prosecutors withdrew the evidence this month.

  • “The resolution called to investigate the use of illegally procured information by law enforcement and the State Attorney General. Further the draft said that there should be a review of how aware police officials and judges were of the spyware's capabilities during the software's procurement and the issuance of warrants from the court,” Starr writes.
  • It is the first time in Israel’s judicial history where such information was presented before a court as evidence.

Law Committee Chairman Simcha Rothman applauded the move.

  • “A year and a half after the event, there is no one who can say that there is no innocent person sitting in prison on the basis of information that was illegally obtained by this system,” he said, adding that a formal case has yet to be conducted into the matter.

The approval follows the recent establishment of a Knesset subcommittee to probe Israeli police use of Pegasus spyware against citizens.

Secure log off

Thanks for reading. See you tomorrow.
