US Cyber Command shored up nine nations' defenses last year
'Hunt forward' operations push US capabilities across borders
US Cyber Command chief General Paul Nakasone has revealed the agency he leads conducted nine "hunt forward" operations last year, sending teams to different counties to help them improve their defensive security posture and hunt for cyberthreats.
These missions provide "security for our nation in cyberspace," said Nakasone, who is also director of the National Security Agency, during a Summit on Modern Conflict and Emerging Threats at Vanderbilt University. "It provides an inoculation of these threats, and it provides a partnership with a nation that has asked us for assistance."
Such missions are a win-win for both participating governments, he said. The foreign countries benefit from US cybersecurity tools and threat intel, and US Cyber Command gets to put sensors on these nation's networks, which gives the military better visibility into threats beyond America's border.
The agency's first hunt-forward exercise sent a Cyber Command team to Ukraine in 2018 with the goal to "understand what our adversaries are doing, being able to capture that and then being able to share it," Nakasone said.
The adversary was presumably Russia, and as soon as the security analysts got off the plane in Kyiv, they were greeted by the California Army National Guard, which had already been partnering with Ukraine since 1993.
These types of information-sharing partnerships illustrate the importance of engaging with allied nations to win current and future conflicts: "The idea that we're going to enable and act," Nakasone said. "Enable our partners with information, sharing of tradecraft, and then act when authorized — defensively, offensively, and informationally."
But they also point to the "trans-border" nature of cyber threats, and how that influences decisions on how and to collect intelligence and information, and how and where conflicts play out.
- Five Eyes nations fear wave of Russian attacks against critical infrastructure
- Threat group builds custom malware to attack industrial systems
- Feds offer big rewards for info on suspected Russian Sandworm intel officers
- Cyber-spies target Microsoft Exchange to steal M&A info
Case in point: the current illegal invasion of Ukraine, which has involved a horrible and bloody ground invasion and bombing campaign. Conflict has also occurred in cyberspace, as Kremlin-sponsored groups have deployed at least six destructive instances of wiper malware against Ukrainian organizations and infrastructure. And according to Western governments' cybersecurity agencies, Putin's goons are looking to expand their cyberattacks to US and its allies' critical infrastructure.
While battlegrounds used to be land, air, and sea, "now it's certainly space and cyberspace," Nakasone said. "And if you think about space and cyberspace, it's no longer the purview of any one nation, any one government, but a multitude of actors, including the commercial sector."
Quickly marshalling defenses against both cyber and physical threats also requires tools like big data, AI and machine learning, he added.
"In the environment that we are today, we no longer can rely on forward operating bases' ability to provide ground centers, or the ability to use airborne intelligence surveillance and reconnaissance," Nakasone opined.
"We will rely on cyber operations and space for most of our intelligence collection and critical key insights of our adversaries." ®