A new portal created by U.S. Cyber Command and the National Guard provides a two-way interface for sharing malware and gain better insights into cyber threats facing the nation, according to a June 9 release from the command.
This portal, called Cyber 9-Line, allows participating Guard units from their perspective states to quickly share incidents with Cyber Command. Cyber Command’s elite Cyber National Mission Force, which conducts operations aimed at disrupting specific nation state actors, is then able to provide analysis on the malware and offer feedback to the states to help redress the incident.
“This level of cooperation and feedback provides local, state and Department on Defense partners with a holistic view of threats occurring in the United States and abroad,” said Brig. Gen. William Hartman, commander of the Cyber National Mission Force and the lead for Cyber Command’s election security group. “Dealing with a significant cyber incident requires a whole-of-government defense, bidirectional lines on communication and data sharing enables the collective effort to defend elections.”
In recent years, the Department of Defense has been working to determine how to use its full time cyber force within Cyber Command to protect the nation from pervasive cyber threats.
U.S. Cyber Command’s new operating philosophy of “defend forward” has helped clarify how the Department of Defense can protect the United States from cyberattacks, a Pentagon official said April 23.
The command has followed a new paradigm called defend forward that seeks to preempt threats before they reach the United States. Through daily operations and other actions known as “hunt forward," in which U.S. cyber operators deploy to other nations on their networks, Cyber Command is able to use its unique authorities to gain insights on adversary activity. Those insights can either be shared or used to take some type of action.
The Cyber 9-Line is the first step within the information exchange program set up in 2019 by the Joint Cyber Command and Control program office, under the direction the National Guard adviser to Cyber Command, leaders said.
Thus far, 12 states have completed the registration process and can benefit from DoD resources. This includes tools such as Cyber Command’s Big Data Platform, which synchronizes information and correlates it allowing forces to act on available information collected from sensors and operations.
The Big Data Platform also provides information and reports from previous threats and malware samples.
“The CNMF, via the National Guard, may enable states to quickly identify additional indicators of threats, which then states can then implement and defend themselves quicker than ever before,” Col. Samuel Kinch, the National Guard Advisor to Cyber Command, said. “That’s going to be a huge collective win for us all.”
Cyber Command said this portal was already used during an incident in Dorchester County, Maryland, which reported a ransomware attack in January.
“These relationships have been cultivated for many years via personal connections made by our Citizen-Airmen, which allows us to respond quickly,” Col. Reid Novotny, Maryland National Guard J6, said. "Knowing that the Maryland Department of IT was handling restoration and the FBI was doing investigation, the 175th Cyber Operations Group provided the connectivity to the national resources located in our backyard at USCYBERCOM through a Cyber 9-line.”
While still in its infancy, officials explained the Cyber 9-Line has already made an impact.
States in recent months have fallen victim to costly ransomware attacks in which Guard units have had to respond.
Responding to ransomware across states is a new mission for the National Guard and it doesn’t show signs of going away anytime soon.
The National Guard is considered a critical resource for the DoD’s cyber bench considering many personnel serve as cyber or IT professionals in their day jobs.