U.S. Cyber Command Saw 'Unique' Challenges in 2020
The command’s leader reports no compromise of DOD information networks from SolarWinds breach.
The last year presented “unique challenges” to the military combatant command in charge of defending U.S.-related interests in cyberspace. The three-year-old U.S. Cyber Command, which plans and executes global cyberspace operations, activities and missions to defend and advance national interests, has spent the last year defending against and mitigating the continuing cyber threats from China, Russia, Iran, and nonstate actors and criminals, reported Gen. Paul Nakasone, USA, commander, U.S. Cyber Command (CYBERCOM); director, National Security Agency (NSA); and chief, Central Security Service (CSS), in testimony before the Senate Armed Services Committee today.
“We saw increasingly capable cyber adversaries target the United States via influence operations, efforts to compromise sensitive data, and attempts to gain access to our weapons systems,” Gen. Nakasone said. “Adversaries still seek to exploit gaps and seams between our organizations and authorities.”
CYBERCOM’s operations in 2020 naturally focused on the presidential election, helping to lead the successful defense against foreign interference. The command conducted more than two dozen operations to block foreign threats intending to interfere with or influence the elections.
Part of this effort included the formation of the Election Security Group (ESG) with the NSA. “The ESG ensured that intelligence informed whole-of-nation efforts to harden defenses and prevent or disrupt threats to the U.S. elections,” Gen. Nakasone indicated. “We built on lessons from earlier operations and honed partnerships with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), sharing information with those who needed it as fast as possible.”
National Guard units also shared information about election-related incidents. “We called it the Cyber 9-line, given the nine lines of information a reporting entity would complete,” he said. “As the election approached, every state had joined this program. I am proud of the work the command and the ESG performed, as part of a broader government effort, to deliver a safe and secure 2020 election.”
More recently, the SolarWinds breach has taken much of CYBERCOM’s attention, as the command works to mitigate the threat to federal systems. Again, a combined team with the NSA supported the U.S. government’s efforts through the Unified Coordination Group to mitigate the compromise.
“Using both automated and manual processes, we worked to determine the scope of SolarWinds Orion software products employed across the DODIN [DOD Information Networks],” Gen. Nakasone said. “Each instance was immediately isolated and disconnected from DOD networks. Meanwhile, NSA worked to understand the adversary’s intent and illuminate additional tradecraft and infrastructure to inform threat detection and asset response activities. Finally, we prepared to support and assist other federal departments and the defense industrial base in bounding their respective problems.
“To date, we have yet to identify any compromise of Department of Defense information networks in the unclassified or classified domains,” the general added.
In addition, CYBERCOM supported the other unified combatant commands in “a wide range” of operations over the last year, the commander said. This included continuous counterterrorism operations, helping to protect forces and prosecute targets in Afghanistan and in other regions on behalf of the U.S. Central Command and U.S. Special Operations Command.
“We are also shifting Joint Task Force-Ares’ focus (though not all of its missions) from counterterrorism toward heightened support to great power competition, particularly in U.S. Indo-Pacific Command’s area of responsibility,” Gen. Nakasone told Congress. “Finally, we are working across the board to ensure that the data links that our warfighters rely on are protected and resilient.”
Gen. Nakasone emphasized that the command’s partnership with the NSA “remains the foundation of our success,” as seen through the election defense and SolarWinds breach. Addressing critics of the need for his dual-hatted role with NSA and CYBERCOM, he reported that “working together under one leader again demonstrated the ability of both organizations to operate with speed and agility to achieve outcomes for the nation.”