Lawmakers question DOJ’s National Security Division on cybersecurity, surveillance
The House Judiciary Committee raised concerns over three hostile foreign actors that breached court systems in early 2020, in addition to questions about the surveillance of Americans.
The House Committee on the Judiciary held a hearing on Thursday to discuss how the Department of Justice’s National Security Division is addressing threats to the nation, including a 2020 cybersecurity breach that impacted pending litigation.
Matthew G. Olsen, assistant attorney general for national security at the U.S. Department of Justice, noted that the NSD has a wide range of tasks and responsibilities, including prosecuting terrorists and spies, protecting against cyber attacks and enforcing export controls and sanctions laws, among other things.
Committee Chairman Jerry Nadler, D-N.Y., noted that on January 6, 2021, the Administrative Office of the U.S. Courts released a public statement about an early 2020 cybersecurity breach, which came from three hostile foreign actors. This breach was not related to the SolarWinds hack, which occurred around the same time. The committee first learned about the breadth and scope of the courts’ breach and system failure in March 2022, according to the chairman. This failure purportedly affected pending litigation on national security and intelligence matters.
“The threat we face from cyber-enabled attacks, whether that’s to the government and public sector—including Congress—and to the private sector, is one of the most significant threats we face,” Olsen said.
Olsen stated that NSD is focused on nation-state attacks that can come from countries like China, Russia, Iran and North Korea. He was unable to speak about the specifics of the cases impacted by the breach, but stated that it was a significant concern because of the nature of the cases.
Olsen assured the committee that the NSD is working to resolve this issue.
While Olsen did not specifically say if NSD performed an internal audit to see if it was also affected by the hostile actors, he said that cybersecurity is an ongoing effort.
“The challenge when it comes to the sophisticated nation-state type activity that we see in cyber is significant,” Olsen said. “It’s very difficult to ever be in a position to say that any system is 100% safe when it comes to sophisticated nation-states that seek to obtain persistent access to these systems.”
He added that NSD will keep Congress updated on the court’s breach.
Additionally, Rep. Zoe Lofgren, D-Calif., questioned Olsen about the surveillance of Americans’ emails, particularly in relation to Section 702 of the Foreign Intelligence Surveillance Act. She noted that this was performed using the personal identifiers of Americans, like name and phone number, approximately 3.4 million times from December 2020 and November 2021.
Section 702 enables the government to perform targeted surveillance only on non-U.S. persons located abroad without obtaining a court order. It cannot be used on U.S. citizens or those living in the U.S. Lofgren highlighted the lack of warrants in this process.
Olsen noted that at his confirmation, he indicated that it is a priority to “ensure that Congress and the American people have confidence in our use of intelligence tools such as FISA.” He added that it is “an indispensable tool to go after spies, terrorists and hackers.”
Olsen noted that the issue of compliance is a concern, and the DOJ has taken numerous steps to improve compliance, such as system changes and trainings.
Lofgren doubled down on the issue of warrantless search and the unlawful surveillance of Americans, stating that assurance of compliance is not enough.
Olsen claimed that the information is lawfully collected on non-U.S. persons and the FBI is then able to search the data. He stated that NSD is prepared to brief Congress about this issue, particularly as Section 702 is set to expire next year.