News Branch Navy

‘Hunt Forward’ cyber teams have deployed to 24 countries, including Ukraine

The cyber defense teams monito crucial networks in allied countries. US cyber chief Gen. Paul Nakasone also said the NSA is centralizing AI-related missions.
Patty Nieberg Avatar
Military personnel look at digital, cyber information.
U.S. Cyber Command regularly partners with nations on offensive cyber operations. Photo by Josef Cole at Fort George G. Meade, Md., April. 2, 2021

More than two months before Russia’s invasion, the U.S. sent teams of Marines and Navy sailors from U.S. Cyber Command to Ukraine to hunt for malicious cyber activity.

Known as “Hunt Forward” teams, the U.S. operators sat alongside Ukrainian cyber personnel and hunted for suspicious cyber activity on Ukrainian networks, aiming to identify and address potential threats and mitigate harm from any possible attacks.

Army Gen. Paul Nakasone, who leads both Cyber Command and the National Security Adsaid, discussed the pre-invasion work of those teams Thursday at a National Press Club event in Washington D.C. Nakasome also said that the NSA will soon centralize its AI-related security work into a single entity, the Artificial Intelligence Security Center.

The Hunt Forward teams’ pre-invasion role in Ukraine was reported in 2022, but Nakasone said Thursday they continue to deploy around the world at the request of partner nations to assist them against malicious cyber actors. Teams have been deployed to Albania, Estonia, Latvia, Croatia, Montenegro, North Macedonia and elsewhere since 2018.

Nakasone called Hunt Forward operations a “resounding success” at warding off malign cyber activities with more than 50 deployments in 24 countries on 77 networks. With their partner nation’s approval, U.S. teams have brought malware samples back for domestic analysis and shared them broadly with other federal agencies and private sector partners, according to Nakasone.

U.S. Cyber Command has “exposed” more than 90 malicious software samples “which cost these malicious cyber actors time, money and effort,” he said.

The Defense Department conducts offensive operations as part of its “Defend Forward” strategy. That plan envisions U.S. cyber assets as “persistently engaged” to inform allies and partners about cyber threats, help reduce them and take notes on adversaries’ tactics, plans, capabilities and tools. 

Subscribe to Task & Purpose Today. Get the latest military news and culture in your inbox daily.

The NSA and the cyber community have been in the news more this month than they usually prefer. As Congress debates re-authorizing section 702  –  a key provision of a 2008 law that allows the government to conduct targeted surveillance of foreign people outside the U.S. using electronic communications to acquire intelligence – a U.S. oversight board report released Thursday said that the law is “highly valuable to protect nationals security, and that it creates serious privacy and civil liberties risks.”

U.S. Army Gen. Paul M. Nakasone, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Serviceat the opening ceremonies of the Indianapolis 500 at the Indianapolis Motor Speedway in Indianapolis, May 28, 2023. Air National Guard photo by Airman 1st Class Amber Anderson

Naksone said that cyber missions have to balance enforcing security with maintaining civil liberties and privacy. 

Though the DOD rarely releases information on offensive strategy or missions, Nakasone insisted that U.S. military offensive cyber operations are guided by “our laws and from our civilian leaders in terms of our actions,” follow  “our values as a nation,” and “conducted in a manner that is reflective of our nation.

U.S. intelligence agencies have been criticized for skirting domestic privacy laws in order to conduct surveillance for security missions in the past. 

Nakasone also announced that the NSA is consolidating its various AI-related activities into a new entity called the NSA Artificial Intelligence Security Center which will work with the private sector, national labs, academia and across the intelligence community.

The new Center will be staffed by close to 100 people – some of them civilian military personnel that will be “focused on the security of our infrastructure,” Nakasone told Task and Purpose, with a goal of having military personnel do repeat tours and “perform cyber operations all the time.”

When asked what “keeps him up at night” about future threats, Nakasone said it was the challenge of recruiting a cyber workforce.

Citing the military-wide challenges recruiting new troops, Nakasone said that cyber forces are open to people who “have the passion” and can be trained on the job or those with previous experience.

The pandemic was “an opportunity to look at ourselves differently” and ensure that the workforce the DOD recruits, trains and retains “has the resiliency and has the appreciation in terms of how we do our business,” Nakasone told attendees. “That’s why I said: what we do, it hasn’t changed, but how we do has changed tremendously.”

The latest on Task & Purpose