US cyber teams prepped Eucom's networks for potential Russian attacks prior to Ukraine invasion

(Photo by Jon Dasbach, U.S. Cyber Command)

In the run-up to Russia’s invasion of Ukraine in February, U.S. Cyber Command deployed teams to European Command to harden networks in case Moscow sought to escalate its digital operations in response to American assistance to Ukraine, according to a top Cybercom official.

“In addition to that work we did with Ukraine, with Ukrainians, we also deployed Air Force and Army cyber teams to Europe to support U.S. European Command directly. Those teams worked on cyber defense, worked very closely with those commands to ensure that all the theater networks were hardened in case there was an escalation or intrusions directed at the U.S.,” David Frederick, executive director of Cybercom, said Wednesday at a virtual event hosted by GovConWire.

Frederick was initially referencing the work Cybercom did sending defensive cyber protection teams from its cyber national mission force to Ukraine ahead of the invasion to help secure Ukrainian networks, which also had the benefit of providing the U.S. government advance warning and information about the tactics of Russian cyber operations.

These so-called hunt-forward operations, in which U.S. teams are deployed to other nations at their request to look for malicious behavior on their networks, has been touted as a huge benefit to cooperative security with partners as well as aiding in domestic defense.

“Working with our partners and allies ahead of time in hunt-forward operations that we’re involved with, I believe that that has helped us significantly to be prepared for pushback against Russia in the war in Ukraine,” Rep. Jim Langevin, D-R.I., chairman of the House Armed Services subcommittee on cyber, innovative technologies and information, said at DefenseScoop’s DefenseTalks conference on Sept. 15. “I think [that’s] a significant reason why we haven’t seen more effective cyber operations on the part of Russia both in Ukraine and maybe any blowback we might have experienced here in the United States.”

Langevin said he’s satisfied with the achievements of these hunt-forward operations so far, but acknowledged there is still more to do.

“The early work that we’ve done with partners and allies to identify where the Russians were in networks and then be prepared for what they might do has helped better protect us and our partners and allies,” he continued.

While these hunt-forward operations for Ukraine have been widely publicized, what is less known was the response and preparation by the Department of Defense to harden its own networks from some level of potential blowback by Russia.

The Air Force is responsible for cyber ops within the U.S. European Command area of responsibility under what’s known as Joint Force Headquarters-Cyber Air Force. These organizations provide planning, targeting, intelligence and cyber capabilities to the combatant commands to which they’re assigned. The heads of the four service cyber components also lead their respective JFHQ-Cs and oversee the cyber teams that conduct operations for the combatant commands. Given the joint nature of cyberspace operations, the Air Force also oversees a small group of Army teams in Europe under this construct.

At the GovConWire event on Wednesday, Frederick also highlighted additional defensive cyber preparation done on a global level by Joint Force Headquarters-DOD Information Networks, Cybercom’s subordinate organization responsible for securing, operating and defending U.S. military networks globally.

“Joint Force Headquarters-DODIN took a look at our guidance for DOD networks writ large and took a number of actions to harden, reduce risks with some key mitigations, and just ensure that the core networks of DOD were well prepared to support U.S. European Command and resilient to any potential cyberattack,” he said.