U.S. Cyber Command conducted a joint defensive cyber operation with the Estonian Defense Forces' cyber command on EDF networks, Sept. 23-Nov. 6. The operation was designed to counter malicious cyber actors and strengthened the cyber defense capability of both nations' critical assets.
"Combined operations with our closest allies like [the] U.S. are vital for ensuring [the] security of our services," Mihkel Tikk, the deputy commander of EDF's cyber command, said.
"These kind[s] of operations provide our operators an opportunity to exchange best practices as well as give us objective feedback on our current defense posture in [the] cyber domain. This operation is another successful milestone in our cooperation with U.S. partners," he said.
U.S. cyber specialists, referred to as "Hunt Forward" teams, and Estonian cyber personnel from Defense Forces Cyber Command, hunted for malicious cyber actors on critical networks and platforms. The U.S. has partnered with various countries throughout Europe, but this defensive cyber operation marked the first of its kind between the U.S. and Estonia.
"Despite the challenges of a global pandemic, we safely deployed to Estonia and other European countries for several weeks to gain unique insight into our adversaries’ activities that may impact the U.S.," Army Brig. Gen. Joe Hartman, the commander of the Cyber National Mission Force, said.
"Our teams proactively hunt, identify and mitigate adversary malware and indicators," he said. "We then share that malware broadly, not just with the U.S. government but with private cybersecurity industry and allies, which directly increases the overall security of U.S. critical infrastructure and related networks."
For the U.S., the Hunt Forward teams play a crucial role in CYBERCOM’s "persistent engagement," an effort aimed at countering malicious cyber activity below the level of warfare. CYBERCOM personnel are specially trained to secure and defend government networks and platforms against adversaries. The U.S. military’s "defend forward" strategy leverages key partnerships to address malicious cyber activity that could be used against U.S. critical infrastructure.
"Estonia is a digital society, and we depend on cyber everywhere, as well as in defense," Margus Matt, Estonia's undersecretary of defense for cyber defense, said. "For us, it's really important to be one of the first allies with whom the U.S. has initiated this kind of joint operation, which enabled us to obtain an independent assessment on our networks. As a leader in cyber, it also provided Estonia an opportunity to share best practices to better protect our networks."
Both nations benefit from such partnerships as they provide opportunities to improve cyber defense by assessing potential threats while contributing to global cybersecurity. Disclosing malware enables greater protections for users both in public and private sectors around the world.
"Cyber is a team sport — when it comes to halting threats from cyberspace, no one can go it alone," Thomas Wingfield, deputy assistant defense secretary for cyber policy, said. "Our strategy hinges on collaborating with our allies and partners with the private sector and academia and with state and local governments to ensure cyberspace remains a safe, secure and open engine of innovation and prosperity."
U.S. Cyber Command, in cooperation with U.S. European Command and NATO allies, continuously works to deter malicious cyber activity in the region.