Cybercom conducts wide-ranging global defensive operation

The operation was intended to search for malicious activity on the network and improve collaboration with partners.
Army Cyber Command, Cyber Flag 2019
Participants in the Army's Cyber Flag exercise in Suffolk, Virginia, in June 2019. (U.S. Cyber Command photo)

U.S. Cyber Command recently conducted a wide-ranging defensive cyber operation across several organizations with the goal of improving its interoperability with partners and bolstering network defense.

The global operation, which took place during the Oct. 3-14 timeframe, looked for potential malware on internal networks and was intended to improve processes and identify current defensive best practices to further integrate across various Department of Defense networks, a spokesperson said.

Cybercom took the lead working alongside combatant and component commands as well as interagency, international industry and academic partners, the spokesperson said.

The operation was described as a continuous effort as part of Cybercom and DOD’s push to be vigilant in identifying malicious cyber activities, strengthen capabilities and enhance the consistency of information sharing with partners.


Cybercom started the operation by looking for publicly known malware, which allows operators to improve processes and coordination and share insights.

“Under this framework, the operation was a continuous activity designed to strengthen the resiliency of the Department of Defense Information Network (DODIN) and other supporting systems,” Navy Rear Adm. Matthew Paradise, deputy director for operations, J-3, at Cybercom said in a release. “Defensive Cyberspace Operations helps CYBERCOM meet its mission responsibilities by enabling and improving mission assurance of the joint force, as well as our allies and partners, by maintaining reliable and defensible networks.”

Officials were careful to note that the operation was not indicative of a new concept, but rather a new implementation of defensive cyber operations.

Cybercom has a dedicated cadre of defensive cyber teams — which act more like digital SWAT teams that come in as opposed to the local network owners — to actively hunt on the network for malicious activity and respond to breaches to kick out intruders.

These cyber protection teams, which make up the majority of Cybercom’s personnel and teams, assist combatant commands and the services to help defend their networks against threats. Additionally, there are cyber protection teams that work to defend the nation from significant cyber activity as well as teams assigned to Joint Force Headquarters-DODIN, which is responsible for operating and defending the DODIN globally.

Latest Podcasts