Earlier this week in an interview with UK media outlet SkyNews, General Paul Nakasone, Director of NSA and head of Cyber Command confirmed that the United States has “conducted a series of operations” as a direct result of Russia’s invasion of Ukraine. The general presented the keynote address at the CyCon international cyber conflict conference in Tallinn, Estonia, and his comments were made on the margins of the conference.
Good offensive proves to be a good defense
In December 2021, Nakasone, within the context of cybercriminals, specifically those associated with ransomware, was quoted in a New York Times interview saying “government is taking a more aggressive, better-coordinated approach against this threat, abandoning its previous hands-off stance.” The month prior Lt. General Charles L. Moore, Jr., who is the deputy of Cyber Command, said “Since 2018, we have expanded our ‘hunt forward’ operations to all major adversaries.” He explained how U.S. Cyber Command intends to get inside the adversary’s networks and “identify and potentially neutralize attacks on the U.S.”
The openness within the intelligence community, lead by the Office of the Director of National Intelligence, has taken the “ultra-secretive” and moved it to a more visible position. We saw it when the White House shared intelligence on the plans and intentions of Russia leading up to the February 24 invasion of Ukraine.
With that as the backdrop, it should surprise no one that the United States is actively engaged in support of Ukraine’s cyber activities and are full partners with respect to some of the operations. Indeed, the acknowledgment of how the intelligence pipes are wide open in support of Ukraine has been confirmed numerous times by the U.S. Department of Defense. Thus, one should view Nakasone’s comments as a means to inform the world, and specifically Russia, that the U.S. is engaged.
During the interview he mentioned the depth of the Russian cyber offensive against the Ukraine, and the Ukrainian government process. Nakasone continued, “We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations.” which is consistent with the Cyber Command doctrine of “hunt forward.” Thus, while the aforementioned may be a surprise to some, the actions of the Cyber Command are lawful and in support of policy determined by the Department of Defense. He added how his entity is subject to civilian oversight, just like any other military entity. He closed with, “My job is to provide a series of options to the secretary of defense and the president, and so that’s what I do.”
Hunt Forward
In May 2022, the Cyber Command publicly shared their Lithuanian invitation to deploy a hunt forward team to work in partnership with Lithuanian entities. The Cyber National Mission Force (CNMF) commander, U.S. Army Major General Joe Hartman characterized the activity as, “This hunt forward operation (HFO) is a great example of how cyber is a team sport, and we have to play it together. With these missions, we see a broader scope of how these bad actors are trying to attack important government networks.”
As of May 2022, the CNMF has conducted 28 HFOs undertaken across the globe in 16 countries, including, Estonia, Lithuania, Montenegro, North Macedonia and Ukraine. We should expect more HFO’s across NATO countries and beyond, as the United States works to fully understand Russian offensive cyber capabilities as they have morphed over the past six to nine months as Russia unleashed their cyber capabilities and now find themselves the target of Ukraine and other nation’s own capabilities. As noted, 16 nations have had their government’s cyber capabilities enhanced by HFO and coordination with Nakasone’s Cyber Command.