U.S. Cyber Command has created a collaborative program with the private sector to share insights and information about critical cyber threats in an effort to further bolster national cybersecurity.
The program, dubbed “Under Advisement,” involves members of the command’s elite cyber national mission force (CNMF) — which is responsible for tracking and disrupting specific nation-state adversaries — sitting in chat rooms and disclosing threats to the cybersecurity sector, officials have said.
These military personnel use their real names for the sake of transparency and actually talk to members of the private sector.
“They are technical experts that can actually talk to people. They sit in private chats, elite invite-only industry forums, all in full name and with full transparent attribution,” Maj. Gen. William Hartman, commander of the cyber national mission force, said Wednesday during a speech at the Vanderbilt University Summit on Modern Conflict and Emerging Threats. “If you see something in the news about a cyber incident, you can bet one of them got a call about 1am the night before and have been exchanging unclassified information with cybersecurity experts as rapidly as possible.”
These chats occur on Signal and other trusted cybersecurity forums, Holly Baroody, deputy to the commander of the cyber national mission force, said at an event hosted by AFCEA on April 20.
“When I first arrived to CNMF, I said what can we share with them? A lot of what we do is classified. But it turns out, we can share a lot. We’re fighting the same bad actors that industry is fighting,” she said. “When we identify a foreign threat and we’re able to share that with industry, then they share information back, our cyber experts are able to enrich that data and feed it back into industry. This bi-directional sharing of threat information both enables our operations to go after those foreign cyber actors in foreign space and enables homeland network defense.”
Much of cyberspace and cybersecurity is a symbiotic relationship. Threats that affect one affect all, and many have referred to cyber as the ultimate team sport.
“If you have information about a threat to your network, it’s a threat to everyone’s network … If we share information with each other, we can reduce vulnerabilities and we can stop many attacks before they ever occur,” Hartman said. “Not only does it help [the Department of Defense] defend our networks, but enables industry partners where we’re able to enrich their data with our expertise and share information back with those partners who can see and do things on their platforms and in their networks that we can’t.”
As of press time, Cyber Command hadn’t responded to FedScoop about when the program began and why it was needed.
For many years following the creation of Cybercom, the DOD struggled with how to use its new cyber force to protect the nation from the barrage of cyber intrusions and breaches that it faced.
Historically, it was clear the Pentagon would defend against a missile strike on a U.S. entity, for example. However, given the pervasiveness of cyber activities throughout society and given that most networks are not owned by the government, the DOD’s role in protecting the nation from foreign cyberthreats was less clear.
Through streamlined authorities and new operating concepts, Cyber Command articulated an ability to operate outside the country to defeat adversary cyber advances before they reached U.S. soil.
“From an offensive standpoint, we take everything we learn about our adversaries and turn that into offensive action to actively pursue our adversaries in foreign cyberspace,” Baroody said. “We go after their infrastructure, we go after their capabilities. Frankly, we go after anything in their ecosystem that makes them effective at attacking the United States. We take actions to disrupt, degrade and deny their operations. This combined defensive and offensive approach imposes costs on our adversaries by taking time, money and resources away from them [and] making it harder for them to do their job.”
The cyber national mission force has disclosed over 90 adversary malware samples on public forums through so-called hunt-forward operations, which involve physically sending defensively oriented cyber protection teams from the CNMF to foreign nations to hunt for threats on their networks at the invitation of host nations. Disclosing malware not only allows companies to patch against threats, but also takes those tools away from adversaries.
The Under Advisement program is another example of Cyber Command using its unique abilities and expertise to lend a hand to efforts to bolster national security.