The U.S. Cyber Command (CYBERCOM), the U.S. military combatant command in charge of cybersecurity and cyberwarfare, revealed for the first time this week that it has been waging offensive cyber operations to help Ukraine.
In an exclusive interview with Sky News published Wednesday, CYBERCOM’s commanding officer, Gen. Paul Nakasone, said the U.S. has been conducting offensive operations against Russia and in support of Ukraine since Russian forces launched their invasion of the eastern European country in late February.
“We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” said Nakasone, who also serves concurrently as the director of the National Security Agency (NSA).
Nakasone did not provide Sky News with many details about the extent of the U.S. cyber operations since the start of the invasion of Ukraine.
“My job is to provide a series of options to the secretary of defense and the president, and so that’s what I do,” Nakasone said.
Nakasone spoke about the high risk of Russian cyber attacks against the U.S., saying, “We remain vigilant every single day. Every single day. I think about it all the time.”
Nakasone provided some insights about the defensive side of cyber operations in Ukraine, noting Ukraine has been the target of numerous Russian attacks.
“If you asked the Ukrainians, they wouldn’t say it’s been overblown,” he said. “If you take a look at the destructive attacks and disruptive attacks that they’ve encountered – you wrote about it in terms of the attack on [satellite company] Viasat – this is something that has been ongoing.”
Near the start of the Russian invasion of Ukraine, a cyber attack targeted the U.S. satellite broadband internet service Viasat. On May 10, the U.S., United Kingdom and European Union assessed Russia was responsible for the cyber attack.
“We’ve seen this with regards to the attack on their satellite systems, wiper attacks that have been ongoing, disruptive attacks against their government processes,” Nakasone said. “This is kind of the piece that I think sometimes is missed by the public. It isn’t like [Russian cyber operators] haven’t been very busy, they have been incredibly busy. And I think, you know, their resilience is perhaps the story that is most intriguing to all of us.”
Nakasone also described so-called “hunt forward” operations carried out by U.S. military cyber experts. The goal of a “hunt forward” operation is to identify potential foreign hacking vulnerabilities and develop defenses against them before they are exploited by hostile actors. These operations entail sending cyber specialists to partner nations to observe their cyber vulnerabilities. Nakasone said such operations are highly useful “because of the fact that we see our adversaries and we expose their tools.”
“If you’re an adversary, and you’ve just spent a lot of money on a tool, and you’re hoping to utilize it readily in a number of different intrusions, suddenly it’s outed and it’s now been signatured across a broad range of networks, and suddenly you’ve lost your ability to do that,” Nakasone said.
Nakasone said U.S. military cyber specialists began a “hunt forward” operation in Ukraine in December of last year that last almost 90 days, placing those U.S. cyber specialists in the country just days before Russia launched its invasion on Feb. 24. A spokesperson for CYBERCOM told Sky News that the U.S. hunt forward team left Ukraine along with other U.S. Department of Defense personnel before the invasion began.