U.S. Cyber Command is gaining important insights into malware and adversarial actors by working with partner nations to help secure their systems, according to a top official.
“We’re also working with our partners, participating in defending U.S. critical infrastructure from malicious cyber activity,” David Luber, executive director of Cyber Command, said at CyberCon 2019. “That’s where we have a chance to see what our adversaries are doing in cyberspace because we now have the authority under the National Defense Authorization Act 2019 to operate outside the DoD networks to help our allies defend forward. That’s a big difference, because in the past the DoD could only operate in its own networks. But, when invited by our allies, we can now work and help defend inside of their networks.”
This action is what the Department of Defense calls “defending forward,” or getting as close to adversaries as possible to see what they’re planning as a means of informing others to prepare or take action themselves.
“We’re seeing some very interesting malware and other activities when we conduct some of those defend-forward missions,” Luber said. “Then we take that information and we share that broadly with industry and the rest of the government.”
Moreover, Luber added, part of Cyber Command’s goal is to make sure it has the opportunity to be in foreign cyberspace so it can conduct operations to counter threats.
In cases in which Cyber Command defensive teams were invited to help defend networks of other nations, such as Macedonia, Ukraine and Montenegro, the command learned a lot about malware.
“They invited us in to work with them within their networks in a defensive role and then we gleaned some tremendous insights into advanced persistent threats and malware and were able to bring that to the world through publishing on websites,” he said.
Additionally, Luber emphasized, the importance of constantly sharing information between government and industry was shown throughout operations to help defend the 2018 midterm election.
“By streamlining some of those policy issues by working closely with DHS and FBI, we were able to get indicators of compromise directly down to industry very quickly,” he said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.