US Cyber Command chief General Paul Nakasone said has revealed the agency he leads conducted nine “hunt forward” operations last year, sending teams to different counties to help them improve their defensive security posture and hunt for cyberthreats.
These missions provide “security for our nation in cyberspace,” said Nakasone, who is also director of the National Security Agency, during a Summit on Modern Conflict and Emerging Threats at Vanderbilt University. “It provides an inoculation of these threats, and it provides a partnership with a nation that has asked us for assistance.”
Such missions are a win-win for both participating governments, he said. The foreign countries benefit from US cybersecurity tools and threat intel, and US Cyber Command gets to put sensors on these nation’s networks, which gives the military better visibility into threats beyond America’s border.
The agency’s first hunt-forward exercise sent a Cyber Command team to Ukraine in 2018 with the goal to “understand what our adversaries are doing, being able to capture that and then being able to share it,” Nakasone said.
The adversary was presumably Russia, and as soon as the security analysts got off the plane in Kyiv, they were greeted by the California Army National Guard, which had already been partnering with Ukraine since 1993.
These types of information-sharing partnerships illustrate the importance of engaging with allied nations to win current and future conflicts: “The idea that we’re going to enable and act,” Nakasone said. “Enable our partners with information, sharing of tradecraft, and then act when authorized — defensively, offensively, and informationally.”
But they also point to the “trans-border” nature of cyber threats, and how that influences decisions on how and to collect intelligence and information, and how and where conflicts play out.
Case in point: the current illegal invasion of Ukraine, which has involved a horrible and bloody ground invasion and bombing campaign. Conflict has also occurred in cyberspace, as Kremlin-sponsored groups have deployed at least six destructive instances of wiper malware against Ukrainian organizations and infrastructure. And according to Western governments’ cybersecurity agencies, Putin’s goons are looking to expand their cyberattacks to US and its allies’ critical infrastructure.
While battlegrounds used to be land, air, and sea, “now it’s certainly space and cyberspace,” Nakasone said. “And if you think about space and cyberspace, it’s no longer the purview of any one nation, any one government, but a multitude of actors, including the commercial sector.”
Quickly marshalling defenses against both cyber and physical threats also requires tools like big data, AI and machine learning, he added.
“In the environment that we are today, we no longer can rely on forward operating bases’ ability to provide ground centers, or the ability to use airborne intelligence surveillance and reconnaissance,” Nakasone opined.
“We will rely on cyber operations and space for most of our intelligence collection and critical key insights of our adversaries.” ®