Collective Defense: A U.S. Cyber Command Perspective

LT. GEN. CHARLES MOORE, DEPUTY COMMANDER OF U.S. CYBER COMMAND

In November 2020, more than 158 million Americans voted in our national elections. Because voting is so foundational to our democratic republic, Americans must have confidence that our election processes and outcomes are free of foreign interference and that covert foreign attempts to influence voters are mitigated. Four years earlier, malicious cyber actors sought to influence voters using operations in cyberspace.

LT. GEN. CHARLES MOORE

Determined to prevent similar activities during the 2018 and 2020 national elections, agencies across the U.S. government established a cross-functional and collaborative team to identify threats, share information and coordinate actions. These agencies included the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, National Security Agency, and United States Cyber Command (USCYBERCOM).

Additionally, the team worked closely with allied nations and industry partners to advance its efforts. This is an example of the type of collective defense required to safeguard our democratic processes and nation as a whole.  

To defend our nation in cyberspace, USCYBERCOM executes a “defend forward” strategic and operational approach. Because of the inherent global nature of the cyberspace domain, the majority of threats to our nation originate in foreign cyberspace, also known as red space. Combating 21st century threats requires speed and agility — and partnerships — to seek and locate adversaries in red space before they can harm U.S. and allied data systems, weapon systems and networks. 

Simply put, we want to take out the archer rather than dodge the arrows. The intelligence gathered during our operations is also shared across agencies and with partners and allies to develop a common situational awareness of possible threats, advance unity of effort, and enable an integrated and synchronized response. 

Similar to our efforts in other warfighting domains, unity is critical to our success in cyberspace, and partnerships are essential part of that endeavor. It is not surprising, therefore, that partnership is a critical component of the U.S. National Defense Strategy and USCYBERCOM’s strategic approach. Because cyberspace cuts across all aspects of modern society, defending it has been referred to as the “ultimate team sport.” It is essential that we develop, advance and mature our partnerships across the government to include allies, industry, and academia into persistent and collaborative efforts. 

One way USCYBERCOM is developing partnerships under the framework of collective defense is by using hunt forward operations (HFOs). At the invitation of a partner country, we deploy teams of skilled cyber warriors who specialize in hunting malicious cyber activities on partner networks. As part of this effort, our cyber teams gather valuable intelligence and identify potential threats to our own networks while simultaneously enabling the host nation to improve its network defense and resilience. 

At the conclusion of each HFO, the team sends the host nation a report on its vulnerabilities as well as strategies to prevent hacking on its networks. The information the team gathers about adversary tactics, techniques and procedures (TTPs), as well as evidence of malware attempting to compromise systems, is also shared with the global cybersecurity enterprise. In some instances, HFOs yield malware samples that USCYBERCOM can publicly disclose so that domestic and allied networks may better defend against future compromises. HFOs began in 2018 as part of our election defense efforts and now are conducted around the globe. 

An additional way to improve our partnerships for collective defense is through exercises to develop interoperability and readiness. As with any military operation, it is important that allied and partner countries continuously train together to become familiar with each other’s strengths, weaknesses and TTPs. Our goal is to operate together seamlessly.

In November 2021, USCYBERCOM hosted its largest combined and multinational cyber exercise to date, Cyber Flag 21-1. This series of exercises tests and enhances the defensive skills and capabilities of more than 200 cyber warriors from 23 countries by exposing them to a challenging cyberspace scenario. With these exercises, we are honing the coalition qualities necessary — speed, precision, agility and unity of effort — to defend our nations collectively. 

Adequate defense in cyberspace also requires a close partnership with private industry. USCYBERCOM interacts with private industry through two primary programs: Under Advisement and Dreamport. Under Advisement is an overt, voluntary and mutually beneficial private sector information sharing program. Dreamport is an unclassified innovation center that allows USCYBERCOM to interact with members of industry and academia to share ideas and provide innovative solutions to cybersecurity problems. Both programs directly contribute to USCYBERCOM’s ability to defend our nation in cyberspace and continue to grow in scope and scale.

Dreamport is just one of the ways USCYBERCOM capitalizes on our partnerships with academia. The command recently established a formal Academic Engagement Network with 91 institutions. The network will enable collaboration on innovative solutions to technical challenges and new analytic insights about malicious cyber actors, supporting our collective defense efforts. The network will also improve workforce recruiting by highlighting opportunities for students to serve in exciting military and civilian cybersecurity careers. 

Ultimately, the ability to defend the U.S. Department of Defense’s networks and our nation as a whole against malicious cyber actors requires a collective approach. This collective approach requires close partnerships among governmental agencies, our allies, industry and academia.

Our ability to share information seamlessly and rapidly, persistently train and conduct operations together, and develop innovative approaches to all our cybersecurity challenges is vital to our ability to successfully execute our mission of cybersecurity and defense in the 21st century.  

Comments are closed.