A U.S. Cyber Command team of defensive cyber experts returned from Croatia last month, where they were dispatched on a so-called “hunt forward” operation, the 35th proactive cyber defense mission to be undertaken by the command as it seeks to forge more partnerships with other democracies and learn from the malicious cyber activity they confront.
Cyber National Mission Force, which sits inside Cyber Command, has launched hunt forward operations in 18 countries and in more than 50 foreign networks, including in Estonia, Lithuania, Montenegro, North Macedonia and Ukraine.
The CNMF team worked alongside the Croatian Security and Intelligence Agency’s Cyber Security Centre on the operation, “hunting on the prioritized networks of national significance and looking for malicious cyber activity and vulnerabilities.”
Cyber Command says the hunt forward operations are part of its strategy for “persistent engagement,” defined as the need to constantly interact with adversaries in cyberspace and do so with speed and agility. “Hunting” loosely translates to a “proactive cyber defense,” a Cyber Command press release said.
Hunt forward operations’ teams “do not mitigate threats on partner networks, they enable their counterparts to pursue and address the threats found,” the press release said.
The nine hunt-forward operations conducted last year grew out of the 2018 DOD strategy emphasizing persistent engagement, General Paul Nakasone said in prepared remarks delivered at Vanderbilt University in May.
“These are countries that have asked for our assistance, deploying our defensive teams for being able to identify malware and tradecraft our adversaries were using and then sharing that broadly with a commercial provider,” Nakasone said.