CYBERCOM Takes Offensive Stance on Cyber Readiness with Hunt Forward Operations

U.S. Cyber Command is broadening its scope of the international cyber threat landscape through its Hunt Forward Operations (HFOs) — an effort to collaborate with foreign allies by sending cyber teams that will search for adversaries operating on partner networks.

CYBERCOM has been taking greater strides to improve training techniques, as well as cyber mission team development to strengthen the homeland from significant malware attacks. While the command leverages both defensive and offensive authorities to meet these goals, HFOs allow the Defense Department to lean into offensive tactics more heavily, HFO Executive Director Dave Frederick said during a Billington Cybersecurity fireside chat Monday.

“The goal is to understand what our adversaries are doing in foreign cyber space,” Frederick said. “It enables the partner nations to strengthen the defenses of their networks, and we gain unique insights into adversary malware which we bring home and inform DOD and the private sector.”

Frederick also noted some of the various forms of insight that HFOs have provided for DOD and its partners so far.

“We’re able to share the indicators of compromise, new samples of malware that we discovered from Hunt Forward with the broader cybersecurity community, and then they’re able to build can build signatures to detect that malware and disrupt adversary operations targeting the U.S.,” he explained.

While CYBERCOM is leaning into international allies through HFOs, which initiated in 2018, Frederick noted that interagency partnerships, such as the ones between his agency at the National Security Agency, also play a significant role in advancing DOD’s overall cyber defense.

“NSA is responsible for developing the encryption capabilities and cybersecurity standards for all of the U.S. government’s national security systems and standards for the unclassified networks at DOD,” Frederick said. “They’re leading the way in technology side of it, especially with their deep expertise in cryptography and cybersecurity.”

Frederick also highlighted the role of industry partners in aiding DOD. While HFOs enable DOD to share threat intelligence with key private-sector entities, he said these partners also provide critical technologies and mission capabilities that enhance the military’s ability to continue strengthening its cyber posture.

“A group of programs that provide us with our big data platform capability, offensive weapons, defensive tools and sensors and our training environment — industry support and collaboration in all those areas is really important for us,” Frederick said. “An area that we’re looking at this year is doing everything we can in terms of applying AI and machine learning to our mission capabilities. That’s an area you will see greater emphasis on in the future.”

Along the lines of partnership and collective defense, Frederick added that information-sharing is critical. He said the command has room for improvement regarding its issuance of early warnings about potential threats.

“If we have companies who are being exploited by a malicious cyber actor and we can get tips, it will help us prepare and understand what we may need to do and how to respond from a DOD point of view,” Frederick said.  “We want to encourage industry to reach out to their partners if they have indicators that they feel comfortable sharing with us so that we can look out in foreign space, figure out what’s going on and see what we can do to fix the problem.”