WASHINGTON — Although US Cyber Command is encouraged by how information sharing between the public and private sector is evolving, more work needs to be done, specifically when it comes to preparing for offensive and defensive operations, CYBERCOM’s highest ranking civilian said today.
“What we need from…the private sector is early warning, essentially, if they see anomalies that we need to know about so that we can prepare to conduct an offensive operation or conduct defense of DoD’s networks,” David Frederick, CYBERCOM”s executive director, said today at the Billington Cybersecurity Summit. “Valuable information can be gained by the private sector. And on the flip side, we have a lot of information to offer.”
Frederick added that he’s “very encouraged” in the direction both the federal government and private sector are heading in, but challenges remain. If a cyber attack were to hit the US, the cyber defenders that are “in the trenches is largely the private sector,” so building a partnership in cyber defense and resiliency remains a focus of CYBERCOM.
“I think we can do a lot more,” he said. “And we’ve got to work out how to collaboratively engage on these really important targets at scale.”
When it comes to ransomware attacks, CYBERCOM has to step up its game, and attacks like Colonial Pipeline showed people how quickly national security can be affected, Frederick said. He pointed to a task force within the agency’s Cyber National Mission Force that is tracking “major ransomware actors” every day and CYBERCOM’s close relationship with the intelligence community and FBI’s cyber division.
Along with fostering domestic collaboration, CYBERCOM is also prioritizing developing international partnerships and supporting other geographic COCOMs, like US European Command and US Pacific Command. Frederick pointed to a recent cooperation agreement made with the Republic of Korea’s Ministry of National Defense and how CYBERCOM “joined hands” with Ukraine in the run up to the invasion as it started to see indications that Russia might invade.
He added that CYBERCOM, for the first time since its inception, just recently concluded a “hunt forward” operation with Croatia. According to an Aug. 18 CYBERCOM press release, the “hunt forward” operation, which is “aimed at proactively bolstering defenses in the US and disrupting malicious cyber activity in US infrastructure,” included a team of defensive cyber operators deployed to Croatia to look for malicious cyber activity on partner networks.
Frederick said those operations are done to enable CYBERCOM to better understand how cyber actors are evolving, “and from there, we’re then able to take that information and share it back and strengthen domestic defense in the United States.”
According to the press release, as of August this year, the Cyber National Mission Force has conducted 35 hunt forward operations in 18 countries on more than 50 foreign networks.