Cyber Command Finishes its First ‘Hunt Forward’ Operation in Latin America

The U.S. Cyber Command this month completed its first mission to detect adversaries operating on partner networks in the U.S. Southern Command’s jurisdiction and expand its overseas defensive cyber operations.

Cyber Command, which runs the military’s defensive and offensive cyber operations, has conducted over two dozen so-called “hunt forward operations” where cyber specialists deploy to partner nations to monitor adversary activity in foreign cyberspace. These operations are meant to both strengthen the defenses of shared networks around the globe and provide greater insight into adversary activity to improve the Defense Department’s cyber posture.

“We had our first … hunt-forward mission in SOUTHCOM just recently, which is amazing,” Brig. Gen. Reid Novotny, special assistant to the director Air National Guard for U.S. Cyber Command, J5, said at the Potomac Officers Club Cyber Summit this month. “The whole point of the defense-forward mission is to learn something on someone else’s network, a partner network, another nation’s networks, so we can bring back that information and make sure our networks are more secure.”

Novotny did not say which country the cyber specialists deployed for the hunt forward operation. SOUTHCOM covers 31 countries, 12 dependencies and areas of special sovereignty, specifically the land mass of Latin America south of Mexico, the waters next to Central and South America and the Caribbean Sea.

While abroad, expert teams help partners detect malicious activity on their government and military networks. The information gathered during hunt-forward operations is then shared with the host nation, the broader DOD community, the Department of Homeland Security, the Federal Bureau of Investigation and private industry.

Over the past several years, Cyber Command sent teams to Europe to help identify tools that Russian hackers use to break into partner systems and to Asia and the Middle East to help identify Chinese and Iranian hacking tactics.

Last month, a cyber team returned from a three-month-long hunt-forward operation in Latvia to work with the Canadian Armed Forces and the Information Security Incident Response Institution of the Republic of Latvia on identifying cyber threats posed to the Latvian critical infrastructure. Latvia is one of the most targeted states in the European Union from Russian hacking teams.

“Adversaries often use spaces outside the U.S. as a testbed for cyber tactics, which they may use later to access U.S. networks, but with our hunt-forward missions, we can deploy a team of talented people to work with our partners, find that activity before it harms the U.S. and better posture the partner to harden critical systems against bad actors who threaten us all,” Army Maj. Gen. William J. Hartman, commander of Cyber National Mission Force, said in a statement.