As far as what’s been publicly reported, Ukraine has to date fared much better in the face of Russian cyber incidents than initially expected before Moscow’s early February invasion. One reason for that, according to U.S. officials, is the early engagement of U.S. Cyber Command teams to assist.
Such efforts are part of Cyber Command’s broader operational concept of persistent engagement, which essentially boils down to being in constant contact with enemies to contest them through daily competition up through conflict. It also heavily involves working with partners to not only bolster their networks and security but also to gain insights on potential adversary actions as advanced intelligence to defend against.
“What we’ve learned over nine different hunt forward operations in 2021 is the fact that consistent engagement with a series of partner nations is really valuable,” Gen. Paul Nakasone, commander of Cyber Command and director of the National Security Agency, told the House Armed Services Committee on Tuesday.
Hunt forward teams are defensively oriented teams that physically deploy to foreign nations to search for threats on their networks at the invitation of host nations, helping to bolster their security and in turn, providing Cyber Command advanced notice of adversary tactics.
“We understand the networks, we understand the leadership, we understand what they care about most. Working with that in competition or crisis is much better than waiting until there’s a conflict. That’s what we’ve learned,” Nakasone said.
While declining to offer greater specifics in an open hearing, he told the committee that the command learned the value of deploying these types of teams early on and then working with the regional combatant command — in this case European Command — to ensure these experts go to the right places.
In his written testimony, Nakasone said these hunt forward teams sat side-by-side with partners to gain insights into threats. Since Russia’s invasion in February, Cyber Command has conducted additional hunt forward operations bolstering the resilience of Ukraine and other NATO allies, Nakasone said. This includes providing remote and analytic support to Ukraine and conducting network defense activities aligned to critical networks outside Ukraine.
“In terms of what the Russians decided to [do], I would anticipate that this was based upon a series of assumptions that they may have made, I think coupled with the defensive capabilities that we were able to work with a number of partners within Ukraine,” Nakasone told the Senate Armed Services Committee earlier Tuesday regarding why there haven’t been many publicly successful cyber incidents on the part of the Russians. “Thirdly, I think is just a realization that a lot of times these are very, very difficult attacks to be able to conduct.”
Cyber integration with combatant commands
Nakasone also touted the success new cyber planning cells are having within the combatant commands, particularly with European Command.
The cyber operations-integrated planning elements (CO-IPEs), as they’re known, were established in 2018 as a means of better integrating cyber operations into the overall planning process. In the past, cyber was typically considered after the fact and not integrated into the military planning like air, land or maritime operations.
Now, with these planning cells, cyber planners, not actual operators, are physically embedded within various staff sections at the combatant commands to provide expertise on how cyber can be incorporated to their operations.
“The feedback that I’m getting from the commanders is that they really value this type of integration,” Nakasone said, adding that in the case of European Command, they are able to provide the commander’s staff options for defensive and offensive action. “What that provides the commander, are people that really understand cyberspace, that understand how we do our operations, how we do our planning, how we do our execution.”
Others have also lauded the progress and success of these planning cells.
“It has proved 10 times over its weight in effectiveness with the COCOMs. It’s the only way to do business,” Vice Adm. Ross Myers, commander of the Navy’s Fleet Cyber Command/10th Fleet, said in a previous interview with FedScoop.