CYBERCOM Seeks ‘Hunt Forward’ Funding Boost
WASHINGTON: CYBERCOM’s 2022 budget request includes an increase for overseas hunt-forward operations, as well as the addition of the first four of 14 total planned new teams to its Cyber Mission Force, a CYBERCOM spokesman told Breaking Defense.
Hunt-forward operations are an intriguing element of cybersecurity. CYBERCOM teams deploy to scan the networks of allies and partners — with their permission — looking for vulnerabilities, threats, and risks and then they share the information.
The OSD Comptroller’s 2022 budget overview provides $147.2 million for “‘hunt-forward’ defensive cyberspace operations.” But the comptroller’s budget overviews do not break out sub-categories under top-line items. The $147.2 million line item, in this case, includes CYBERCOM’s hunt forward and the Air Force’s Cyber Vulnerability Assessment (CVA-Hunt) programs, according to the CYBERCOM spokesman.
Dig down, and there is a $14.7 million increase for hunt-forward operations — to $26.7 million requested for 2022 from the $12 million appropriated in 2021 — the CYBERCOM spokesman said. These figures are not provided in the comptroller’s budget overview.
“The teams deploy at the invitation of a host nation to gather insight and a better understanding of adversary behavior on the host nation’s government networks,” the spokesman said. “These robust information-sharing operations are just one part of our ‘defend forward’ strategy — where we see what our adversaries are doing and share that information with our partners in an effort to better bolster both our homeland defenses.”
CYBERCOM said that hunt-forward operations are defensive — not offensive.
CYBERCOM and NSA chief Gen. Paul Nakasone told Congress this spring that CYBERCOM conducted “11 hunt-forward operations in nine different countries for the security of the 2020 election.”
One of those operations took place in Estonia. Another operation took place on an unnamed overseas partner’s network, which uncovered new malware associated with the SolarWinds cyberespionage campaign.
“When we disclose adversary malware used to conduct espionage,” the spokesman said, “we not only harden our own networks, inoculate more broadly, and improve collective cybersecurity, but we also impose costs disrupting adversaries time, money, and access.”
The spokesman also clarified what the proposed expansion of the Cyber Mission Force means. Overall, CYBERCOM plans to phase in 14 new teams to the Cyber Mission Force through 2024. The proposed 2022 budget includes the first four of the 14 total, including two Cyber Mission teams and two Cyber Support teams.
Cyber Mission teams “generate integrated cyberspace effects in support of operational plans and contingency operations for combatant commanders,” according to the budget overview. Support teams “provide analytic and planning support to National Mission and Combat Mission teams.”