U.S. Cyber Command is putting a new approach into practice to better defend the nation from critical cyber incidents.
Cyber Command’s new “defend forward” mantra has been described as fighting the cyber battle on someone else’s turf as opposed to fighting it at home. In other words, it means gaining access to adversary networks or infrastructure to get insights into what they might be planning.
To defend the nation and its critical sectors from potential cyber attacks, Cyber Command leaders need to know what these sectors view as important to their network, data they will need to defend and how adversaries might be planning to attack them.
The Cyber National Mission Force, the part of Cyber Command that targets adversaries in cyberspace before they enter U.S. networks, has been following the new philosophy to provide the private sector and federal agencies with intelligence on adversary’s behavior.
“If I’m going to defend forward to help our nation’s critical infrastructure, I need to know what’s most important to those critical infrastructures, to the financial sector, to the energy sector so if I am doing reconnaissance in gray and red space, I know what to look for,” Brig. Gen. Stephen Hager, deputy commander of operations for the Cyber National Mission Force, said during an appearance at the CyCon U.S. conference in Washington Nov. 15. “I know what to look for as a military person but I don’t necessarily know what the financial institutions think are important.”
This approach allows Cyber Command to see if an adversary is developing tactics or research that could target a bank or financial transaction, he said.
“We now have some intelligence that we then would share with our interagency partners and then they would pass it to the [Information Sharing and Analysis Center] to the critical infrastructure folks that deal with that,” Hager added.
For example, Cyber Command is receiving anonymized data from the Financial Systemic Analysis and Resilience Center through the Department of Homeland Security and “we’ve done some things based on the information we’ve got from them,” Hager said.
Then Cyber Command provides any intelligence gathered back through formal chains such as DHS, the Department of the Treasury and the Information Sharing and Analysis Center to ensure each stakeholder understands the potential threats and can mitigate them.
DoD only has authority to act within its networks and is limited in what networks it can operate in domestically, much to the dismay of some in Congress.
Cyber Command’s previous head noted that operating outside networks was something the department should have a serious conversation about.
“If you think about the Department of Defense, we spend a lot of time talking about the [Department of Defense Information Network] and defense of the DoDIN and really that’s because where our authorities lie.” But, Hager added, “as a taxpayer, I don’t really want the Department of Defense to just defend its military access, I want it to defend my nation.”
The recently released DoD cyber strategy points to defending U.S. critical infrastructure as a key pillar.