WASHINGTON — A task force with the Pentagon’s elite Cyber National Mission Force focuses on defending critical military infrastructure.

U.S. Cyber Command established the Emerging Threats Task Force in a 2018 reorganization of the CNMF, and a spokesperson recently shared information about the task force’s focus in response to a C4ISRNET inquiry.

The CNMF is responsible for tracking and disrupting specific nation-state actors in foreign cyberspace in defense of the nation. These teams are separate from those that support specific combatant commands. It is the only cyber force within Cyber Command that essentially conducts offensive and defensive operations, though Cyber Command describes both as defensive operations — one focused on internal networks and the other on preemptive activity in foreign cyberspace against a potential threat. This allows the teams to pivot faster when a threat or vulnerability is discovered, officials have said.

“The proactive posture of U.S. Cyber Command means we focus on foreign malicious activity, even prior to attribution of malicious cyber activity to a nation-state or region,” a Cyber Command spokesperson said.

Officials noted that when the Cyber National Mission Force was first created with four regionally aligned task forces, that delayed allocating missions until activities could be attributed to nation-states.

“[T]he ‘Emerging Threats’ task force, is adversary-agnostic and staffed with experts in infrastructure vulnerabilities and threats. Attribution of malicious cyber activity is often difficult and having a force that addresses emerging threats in an adversary-agnostic manner allows the CNMF to pivot quickly to threats as they occur,” Lt. Gen. Timothy Haugh, commander of 16th Air Force and former commander of the Cyber National Mission Force, wrote in essay published by the Navy War College in late 2020. The article, with coauthors who also served on the CNMF, focused on Cyber Command’s 10-year anniversary.

“Emerging Threats leads the CNMF’s response to malicious activity until task force analysts (working closely with partner organizations) attribute the activity to a threat actor and hand off responsibility to the appropriate regionally focused task force,” Haugh and his co-authors wrote.

The task force also serves as the “focal point” for interagency partnership and collaboration with the private sector, the article said, noting that the team’s worldwide scope makes it an agile organization suited to face emerging threats.

It was created by reallocating teams within the CNMF, the spokesperson said, and was a moderate change for the CNMF teams to support a non-regionally aligned mission. The task force brings in groups of experts to address foreign emerging threats and can also contribute to a larger community if needed.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Cyber