US Confirms It Has Provided Cybersecurity Support to Ukraine


Security of critical infrastructure, cybercrime as a service, cyber war / attacks on nation states

Strengthening Ukraine’s cyberspace is not a policy violation, the White House says Mihir Bagwe • June 2, 2022 Director of the US Cyber ​​Command, General Paul Nakasone (Source: US Cyber ​​Command website)

The United States has carried out offensive cyber activities in support of Ukraine, Cyber ​​Command Director General Paul Nakasone reportedly said on Wednesday. He made the comments at the annual conference of the NATO Cooperative Cyber ​​Defense Center of Excellence – CyCon.

See also: OnDemand | Spotlight Discussion: Advanced Network Discovery and Response

White House spokeswoman Karina Jean-Pierre told a news briefing later in the day that offensive cyber operations were aimed at strengthening Ukraine’s cyberspace and were therefore not in conflict with policies aimed at avoiding a direct military conflict with Moscow. transfers.

Attack is the best defense?

Nakasone, in an interview, says that the United States “conducted a series of operations in the full spectrum: offensive, defensive, [and] information operations. See the article : Collective cyber defence and attack: NATO’s Article 5 after the Ukraine conflict. “This runs counter to President Joe Biden’s view that he is not dealing directly with Russia, for fear of escalation.

But Jean-Pierre, in response to inquiries at a press briefing Wednesday about offensive capabilities that undermine U.S. historical policy, says, “We don’t see it as such.”

She says the Kremlin “is not happy with the amount of security aid we have been providing to Ukrainians since before this latest phase of the conflict began. But we are doing what the president said he would do, and that is – and he told President Putin directly – we would do – what we would do it if he – if he attacked Ukraine, back in December, and that is to provide security assistance to Ukrainians that is above what we are – what we have already provided help Ukrainians to defend their country. “

Operation Hunt Forward

Neither Nakasone nor Jean-Pierre gave more details about these offensive cyber activities from the US, but Nakasone reportedly talked about how the US conducted a separate “hunting forward” operation in Ukraine just before the start of the war. To see also : 7 Benefits of Using AI for Cybersecurity. He says the operation helped both the United States and Ukraine strengthen their cyber defenses.

“Hunt forward” operations are information-driven defensive cyber operations required by partners. The Cyber ​​National Mission Force, or CNMF, cyber operators are deployed in 16 countries, including the nations of the Five Eyes – the United States, the United Kingdom, Australia, Canada and New Zealand – and other NATO countries.

In April, at a summit hosted by Vanderbilt University on modern conflicts and emerging threats, Nakasone said the CNMF had deployed a “forward” team to Ukraine in December to lead defense cyber operations with Ukraine’s partner cyber forces, according to The Hill. . It is said that this team left Ukraine only a few days before the beginning of the Russian invasion in February.

Cyber ​​operational partners from these countries hunt for networks of the host country’s choice – with its permission, looking for malicious cyber activities and vulnerabilities. The insights gained from these sessions, including tactics, techniques and procedures of opponents, are shared with the host country and other cooperative members, which further disclose them to public and private sector networks. This helps boost the homeland’s defenses against cyber threats before they reach their country’s shores, the Cyber ​​Command said in a statement when the “forward hunt” team sent to Lithuania completed its operations in the first week of May.

“This Operation Hunt Forward is a great example of how cyber is a team sport and we have to play it together,” says U.S. Army Major General and CNMF Commander Joe Hartman. “With these missions, we see a wider scope of how these bad actors are trying to attack important government networks.”

Since May 2022, the CNMF has conducted 28 “forward-looking” operations in 16 countries, including Estonia, Lithuania, Montenegro, northern Macedonia and Ukraine, the U.S. Cyber ​​Command said in a May statement.

Speaking in Tallinn, Estonia, Nakasone said the operations were of great importance to the United States to keep an eye on state-sponsored threat actors by identifying their TTPs and to conduct operations to dismantle Russian propaganda machines running disinformation campaigns to affected the upcoming medium – term elections in 2022.

‘Laser focus’ on Russia

FBI Director Christopher Wray, at a conference on cyber security at Boston College, spoke about the factors behind the U. To see also : Johns Hopkins Team Upgrading MOSAICS Industrial Control Systems Cybersecurity Tech.S. “laser focus” on Russia.

Citing the 2017 NotPety attack, Wray said Russia and its military have a history of recklessness and that their attacks spill over beyond their targets. “They targeted Ukraine, but in the end they also hit systems across Europe, plus the US and Australia, and even some systems within their borders. They closed much of the global logistics.

“That reckless attack ultimately caused more than $ 10 billion in damage – one of the most damaging cyber attacks in the history of cyber attacks – and spread around the world before anyone knew anything to do,” Wray said.

He also said that Russia uses tools such as wiper malware for mass destruction – a trend that has already been noticed (see: War between Russia and Ukraine: The risk of escalation of cyber attacks continues). “And we’re looking to make their cyber activities more destructive because their war is still going badly,” Wray said.

To counter these problems, Wray said the FBI and other agencies together run a 24/7 cyber command post that sends real-time intelligence and technical indicators not only to government partners, but also to private companies and others.

“We have seen the Russian government take concrete preparatory steps towards potential destructive attacks, here and abroad. We are reaching potential targets to warn them of the looming threat, giving them technical indicators they can use to protect themselves. And we are moving quickly to disrupt Russian activities. “he says.

Wray also cited the removal of the Cyclops Blink botnet by the Justice Department earlier this year – which was used by Russia’s GRU’s Special Technology Center to control thousands of infected devices – as an example of how the US government is responding to the Kremlin’s cyber offensive. Russia-related APT malware, ‘Cyclops Blink’).

Comments are closed.