Interagency coordination and engaging forward against U.S. adversaries bent on influencing 2018 congressional elections are ways the federal government will conduct future cyber operations to thwart them from interfering in the U.S., the head of U.S. Cyber Command said on Wednesday.
The defending forward approach to cyber security operations stems from the Defense Department's new cyber posture, which draws from the Trump administration's to be more proactive in the use of offensive cyber operations.
The new approach "allows us to sustain key competitive advantages while increasing our cyber capabilities," Army Gen. Paul Nakasone told a House Armed Services Committee panel.
U.S. Cyber Command worked "very, very closely with the Department of Homeland Security to protect our election infrastructure," Nakasone told the committee's Intelligence and Emerging Threats Capabilities Subcommittee. "We did work very, very closely with the Federal Bureau of Investigation to stop influence operations from other non-nation states and from nation states from impacting our people. And we did obviously conduct actions to ensure that any adversary that was attempting to interfere with our democratic processes, that we'd address."
The proactive approach to cyber security is "different than what we had done in the past," he said. "And I think that that's a very, very good model of where we need to move forward because we have to make sure that our adversaries, and certainly the American people understand that this is something that obviously is worth defending."
In addition to DHS and the FBI, Cyber Command also supported U.S. European Command, Northern Command and others to defend the mid-term elections, he said.
USCYBERCOM's top priority last year was a "safe and secure" election, Nakasone said, which led him to establish a joint effort called the "Russia Small Group" between the command and the National Security Agency (NSA) to protect the elections. Nakasone is also the director of NSA.
"The Russia Small Group tested our new operational approach," he told the subcommittee. "With direction from the president and the Secretary of Defense, the Russia Small Group enabled partnerships and action across the government to counter a strategic threat. Our response demonstrated the value of a tight-knit relationship between U.S. Cyber Command and the National Security Agency, bringing together intelligence, cyber capabilities, interagency partnerships and our willingness to act."
Nakasone said the interagency cooperation and coordination was "unparalleled" and was part of a "persistent presence" by USCYBERCOM and NSA that "contested adversarial actions, improving early warning and threat identification in support of DHS and the Federal Bureau of Investigation."
"The Russia Small Group effort demonstrated that persistent engagement, persistent presence, and persistent innovation enable success," he said.
Persistent engagement is working, the Army general said.
"Our actions are impacting our adversaries. Our shift in approach allows us to sustain key competitive advantages while increasing our cyber capabilities. As we review lessons learned from securing the 2018 mid-term elections, we are now focused on potential threats we could face in 2020."
Nakasone said the transition to the more aggressive approach to cyber operations was helped by the administration's policy guidance and congressional support for DoD cyber operations in the fiscal year 2019 National Defense Authorization Act.
The U.S. also partnered with its allies and partners in the public and private sectors "to build resiliency" and "for the first time we sent our cyber warriors abroad to secure networks outside of the DoD information network," he said. "Our operations allowed us to identify and counter threats as they emerged to secure our own elections and prevent similar threats interfering in those of our partners and allies."
USCYBERCOM needs to build a "warrior ethos," Nakasone said, noting that the country's cyber warriors are "in constant contact with our adversaries" and that "there are no operational pauses or sanctuaries."
The DoD is reviewing whether to separate command of USCYBERCOM and the NSA from its current dual-hat structure. Nakasone said he completed an assessment for the department on the issue and submitted it last August. He declined to discuss his findings in the subcommittee's open session. The panel moved to a closed session afterward.
Rep. Jim Langevin (D-R.I.), chairman of the subcommittee, and Rep. Don Bacon (R-Neb.), said they support leaving the dual-hatted structure of command of USCYBERCOM and the NSA intact.