U.S. Cyber Command wants more tech companies and others on the front lines of the global fight to secure the internet to share more cybersecurity intelligence so that the organization can improve its defensive capabilities, Cyber Command Executive Director Dave Frederick said in an interview Monday.
Frederick said Cyber Command regularly shares information it gleans during so-called “hunt forward” operations, defensive cyber missions carried out alongside partners, but needs more private companies to fully report cyber incidents so that Cyber Command can learn from them.
Frederick, who was speaking during an industry webinar organized by Billington CyberSecurity, said the 27 hunt forward operations Cyber Command has conducted in the past two years have empowered partner countries to “immediately strengthen the defenses of their networks” and have given Cyber Command “unique insights into adversary malware which we then bring home.”
Those insights inform not only Department of Defense cyber defense strategy, but also are shared with the private sector, he said.
“We’re able to share the indicators of compromise, new samples of malware that we discover from hunt forward, with the broader cybersecurity community, and they’re able to then build signatures to detect that malware and basically disrupt adversary operations targeting the U.S. civil sector,” Frederick said. “It’s almost like giving an antidote to a virus, so it’s really turned out to be a great model.”
Hunt forward missions began in 2018 as part of Cyber Command’s work to enhance election security and have expanded since then, Frederick said. So far, Cyber Command has partnered with 16 countries, covering 50 different networks, including in Estonia, Montenegro and Ukraine.
Frederick said Cyber Command needs help from private industry, particularly with enhancing technology used for mission capabilities and collective defense. Cyber Command secures, operates and defends the DOD’s computer systems, whose 4 million endpoints as of 2022 make it one of the largest globally, he said.
“Our joint cyber war fighting architectures are a pretty complex set of systems,” Frederick said. “It’s a group of programs that provide us our big data platform capability, our offensive weapons and tools, our defensive tools and defensive sensors, and command and control.”
Frederick said industry support and collaboration is also needed to support what he called the “world-class” training environment Cyber Command offers.
Cyber Command has a good relationship with defense and telecommunication companies, but Frederick stressed that more companies across sectors need to report cyber incidents.
“Almost all the U.S. networks of critical importance are owned and operated by the private sector, and something that we need to do our job better is early warning,” he said. “If we have companies that are seeing that they’re being exploited by a malicious cyber actor, if we can get tips to that effect, it helps us prepare and understand what we may need to do to respond from a DOD point of view.”
Frederick said the command is now focused on how it should apply artificial intelligence and machine learning to its mission capability. “That’s an area that you’ll see greater emphasis on in the future from the command.”