On August 25, 2020, Foreign Affairs published a very interesting article by Nakasone and Sulmeyer. The first, Paul Miki Nakasone, is commander of the US Cyber Command, director of the National Security Agency and head of the Central Security Service. The second, Michael Sulmeyer, is Nakasone's senior advisor at the US Cyber Command.
The article describes the new approach followed by the US Cyber Command and briefly traces the history of thought around the American cyber defense strategy. I will take it as a starting point for some considerations that I believe are fundamental.
According to the article, from the birth of the Cyber Command in 2010 the operational assumption was that it should focus on preventing infiltration or sabotage attempts against military networks. The cyber posture was therefore defensive and reactive, but over time this posture proved ineffective.
The posture therefore shifted to a proactive one, called "persistent engagement", applied for example in 2019 with the "hunt forward" missions in Montenegro. The "hunt forward" operations, which could translate as "anticipation hunting", are considered an essential component in the protection of the national territory as part of the "persistent engagement" strategy, as they serve to face the opponent where it operates, working in collaboration with allies or partners that seek US assistance to thwart cyber operations conducted in their country.
Since Montenegro's entry into NATO in 2017, several indications of cyber attacks against Montenegrin government networks (probably by Russia) prompted a request for help from the US, presented in 2019.
Hence the hunt forward activities in Montenegro in October 2019.
Once a hunt forward mission is completed, Cyber Command works closely with several US government departments to analyze the collected data, which is used in different ways:
- to help the country that requested assistance to better protect itself;
- to better defend their national networks;
- to allow the update of antivirus products.
According to the article, the effect of the many "hunt forward" missions conducted in recent years by the Cyber Command is to reduce the effectiveness of malware and of possible adversaries interested in exploiting it. All of this is certainly true, as it is probably true that there are countries like Russia and China (and several others, even Western ones!) that use the weaknesses of networks and systems (and of the organizations that manage them) to gain advantage in world domination.
This effect, however, is not the only one, and this must be highlighted because it is not mentioned in the article I am commenting on. These activities also allow the US Cyber Command to collect important (I would say vital) information on the structure of the national networks and systems concerned: information that is useful when you are on the same side, but even more useful in case of conflict.
It is also for this reason that the cyber policies of some states restrict collaboration in certain sectors with regard to the activities that can be carried out on their systems.
Every nation that aspires to remain independent must be able to adapt to the times (it is evolution) and in our case the reflection on military and industrial strategies must be placed at the basis of the independence and survival of the state.
This is why it is important to invest in new technologies and ensure that the country can boast a team of experts in the cyber sector capable of working independently as much as possible and assessing the risks inherent in turning to others in case of need.
A warning from Claude Shannon, one of the fathers of Information Theory, referred to in the article, "assume that the enemy knows the system", should make us think...
Photo: US Cyber Command