U.S. Cyber Command’s elite Cyber National Mission Force has sought to use its unique authorities to bolster the cybersecurity of the broader commercial ecosystem.
Through a pair of initiatives, the Pentagon’s digital warriors have worked to share significant indicators of compromise to improve the defensive posture of the private sector.
The first, a program dubbed “under advisement,” involves members of the CNMF sitting in unclassified spaces and chat rooms and disclosing threats to the cybersecurity sector. The CNMF, now a sub-unified command under Cybercom, is tasked with defending the nation from malicious activity.
Just in the past year, that program has shared well over 100 indicators of malware.
Using its unique authorities to act outside U.S. borders, Cybercom is able to discover malware through overseas operations and provide advance warning to others.
“In this past year alone, Cyber Command has collaborated with 22 private sector partners to pass 149 unique indicators of malicious cyber activity,” Holly Baroody, executive director of Cybercom, said Thursday during a presentation at the HammerCon conference, hosted by the Military Cyber Professionals Association. “We’ll continue to grow our partnerships with the private sector building off of our authorities granted to us by Congress and in recognition that cyber is a team sport and [a] threat to one is a threat to all.”
She added that in the past, the under-advisement program was able to share suspicious IPs with Microsoft, uncovering thousands of potential victims.
The second initiative is the so-called hunt-forward concept, which involves physically sending defensively oriented cyber protection teams from the CNMF to foreign countries to search for threats on their networks at the invitation of host nations. These operations improve the defenses not only of that partner nation but also of the U.S. and the broader cybersecurity community, as malicious activities are detected and addressed.
They also feed into the under-advisement efforts.
“A threat to the Ukrainians from Russia is a threat to all of us. A threat anywhere in this [Indo-Pacific] theater from China is generally a threat to all of us. The ability to share is fundamentally important,” Maj. Gen. William Hartman, commander of the CNMF, said Wednesday during a presentation at the LANPAC conference hosted by the Association of the United States Army.
“As the [Russian] invasion kicked off [last year], we started to see a number of U.S. private companies reach out and want to provide assistance to Ukraine. What we were able to do is essentially provide an ability to triage data that was provided by U.S. private industry and then help facilitate the passage to the Ukrainians — because they were simply overloaded from an ability to communicate with the various partners that wanted to help them, whether it was the Cyber National Mission Force, whether it was other U.S. government agencies, whether it was NATO partners, whether it was the European Union — and our ability to take that information, triage it, analyze it and say, ‘Hey, these are the vulnerabilities that you need to be most concerned about,’” Hartman said.
While the American hunt-forward team left Ukraine days before Russia invaded, Hartman said they continue to share information about threats.
“Today, we have shared over 5,000 indicators of compromise either from Ukraine to us or from us back to Ukraine, in order to do everything we can to ensure that the United States, our partners and allies are protected against what the Russians are doing in Ukraine, but also to ensure that the Ukrainians’ networks are as difficult as possible for the Russians to continue to attack and exploit,” he said.