By Zeba Siddiqui
SAN FRANCISCO (Reuters) – The United States is sending more of its cyber forces abroad to help foreign governments fight hackers, a top U.S. military official said at the RSA cybersecurity conference in San Francisco.
In the last three years, the U.S. military’s Cyber National Mission Force (CNMF) has conducted 47 such “hunt forward” defensive operations across 20 countries at the invitation of those nations, U.S. Army Major General William Hartman said on Monday.
“The demand for that only increases, and they are not all the same,” Hartman, CNMF’s commander, said of the missions, speaking on the sidelines of the conference.
The initiative reflects a broader push by the U.S. government to improve collaboration with foreign allies on combating cyber crimes, which often cross borders. Some of the largest known ransomware criminal gangs, for instance, have targeted multiple countries, including the United States.
Hartman said CNMF had dispatched 43 specialists to Ukraine, which has been battling Russian cyber onslaughts amid the war there, which Russia calls a “special operation”.
“Those are defense teams we send, and (they) hunt for shared adversaries, find tools and capabilities,” Hartman said.
He said the CNMF was working closely with the top U.S. cyber body, the Cybersecurity and Infrastructure Security Agency (CISA).
Both agencies had collaborated on thwarting potential attacks against three U.S. federal agencies by foreign adversaries, said Eric Goldstein, CISA’s executive assistant director.
“We notified the agencies, gave them guidance, and kicked off incident response. Simultaneously, we gathered all the information on the adversary infrastructure and shared it with CNMF,” he said. Goldstein and Hartman declined to offer further details on the incident.
A separate incident they disclosed during a joint presentation at the conference involved an Iranian hacking group that had breached voting systems in a U.S. city that were used to report the 2020 election results.
The CNMF feared the hackers could make the system’s website “look like the vote had been tampered with,” but the agency revoked access, Hartman said.
“There was no impact to any election infrastructure,” Goldstein added.
“We want to make this a model – find the technical evidence to hand over to CNMF,” he said, adding that securing the 2024 U.S. presidential election is a “top priority”.
(Reporting by Zeba Siddiqui; Editing by Gerry Doyle)