U.S. Cyber Command conducted a joint defensive cyber operation with the Estonian Defense Forces’ cyber command on EDF networks, Sept. 23-Nov. 6. The operation was designed to counter malicious cyber actors and strengthened the cyber defense capability of both nations’ critical assets . U.S. cyber specialists, referred to as “Hunt Forward” teams, and Estonian cyber personnel from Defense Forces Cyber Command, hunted for malicious cyber actors on critical networks and platforms. The U.S. has partnered with various countries throughout Europe, but this defensive cyber operation marked the first of its kind between the U.S. and Estonia.
“Combined operations with our closest allies like the U.S. are vital for ensuring the security of our services,” Mihkel Tikk, the deputy commander of EDF’s cyber command, said. “These kinds of operations provide our operators an opportunity to exchange best practices as well as give us objective feedback on our current defense posture in the cyber domain. This operation is another successful milestone in our cooperation with U.S. partners,” he said.
For the U.S., the Hunt Forward teams play a crucial role in Cybercom’s “persistent engagement,” an effort aimed at countering malicious cyber activity below the level of warfare. Cybercom personnel are specially trained to secure and defend government networks and platforms against adversaries. The U.S. military’s “defend forward” strategy leverages key partnerships to address malicious cyber activity that could be used against U.S. critical infrastructure. Estonian Cyber Command provides command support to the governance area of the Estonian Defense Ministry.
“Despite the challenges of a global pandemic, we safely deployed to Estonia and other European countries for several weeks to gain unique insight into our adversaries’ activities that may impact the U.S.,” Army Brig. Gen. Joe Hartman, the commander of the Cyber National Mission Force, said. “Our teams proactively hunt, identify and mitigate adversary malware and indicators,” he said. “We then share that malware broadly, not just with the U.S. government but with private cybersecurity industry and allies, which directly increases the overall security of U.S. critical infrastructure and related networks.”
Both nations benefit from such partnerships as they provide opportunities to improve cyber defense by assessing potential threats while contributing to global cybersecurity. Disclosing malware enables greater protections for users both in public and private sectors around the world. U.S. Cyber Command, in cooperation with U.S. European Command and NATO allies, continuously works to deter malicious cyber activity in the region. The two countries have ongoing cooperation at various levels within Cybercom, U.S. European Command, the Maryland National Guard and the Sixteenth Air Force — U.S. Air Forces Cyber.
“Estonia is a digital society, and we depend on cyber everywhere, as well as in defense,” Margus Matt, Estonia’s undersecretary of defense for cyber defense, said. “For us, it’s really important to be one of the first allies with whom the U.S. has initiated this kind of joint operation, which enabled us to obtain an independent assessment on our networks. As a leader in cyber, it also provided Estonia an opportunity to share best practices to better protect our networks.”