WASHINGTON: CYBERCOM’s 2022 budget request includes an increase for overseas hunt-forward operations, as well as the addition of the first four of 14 total planned new teams to its Cyber Mission Force, a CYBERCOM spokesperson told Breaking Defense.
The OSD Comptroller’s 2022 budget overview provides $147.2 million for “‘hunt-forward’ defensive cyberspace operations.” But the comptroller’s budget overviews do not break out sub-categories under top-line items. The $147.2 million line item, in this case, includes CYBERCOM’s hunt-forward and the Air Force’s Cyber Vulnerability Assessment (CVA-Hunt) programs, according to the CYBERCOM spokesperson.
Dig down, and there is a $14.7 million increase for hunt-forward operations — to $26.7 million requested for 2022 from the $12 million appropriated in 2021 — the CYBERCOM spokesperson said. These figures are not provided in the comptroller’s budget overview.
Hunt forward entails CYBERCOM teams deploying overseas to help allies and partners assess the cybersecurity of their networks.
“The teams deploy at the invitation of a host nation to gather insight and a better understanding of adversary behavior on the host nation’s government networks,” the spokesperson said. “These robust information-sharing operations are just one part of our ‘defend forward’ strategy — where we see what our adversaries are doing and share that information with our partners in an effort to better bolster both our homeland defenses.”
CYBERCOM said that hunt-forward operations are defensive — not offensive.
CYBERCOM and NSA chief Gen. Paul Nakasone told Congress this spring that CYBERCOM conducted “11 hunt-forward operations in nine different countries for the security of the 2020 election.”
One of those operations took place in Estonia. Another operation took place on an unnamed overseas partner’s network, which uncovered new malware associated with the SolarWinds cyberespionage campaign.
“When we disclose adversary malware used to conduct espionage,” the spokesperson said, “we not only harden our own networks, inoculate more broadly, and improve collective cybersecurity, but we also impose costs disrupting adversaries’ time, money, and access.”
The spokesperson also clarified what the proposed expansion of the Cyber Mission Force means. Overall, CYBERCOM plans to phase in 14 new teams to the Cyber Mission Force through 2024. The proposed 2022 budget includes the first four of the 14 total: two Cyber Mission teams and two Cyber Support teams.
Cyber Mission teams “generate integrated cyberspace effects in support of operational plans and contingency operations for combatant commanders,” according to the budget overview. Support teams “provide analytic and planning support to National Mission and Combat Mission teams.”