“This kind of partnership in cyber security is necessary in today’s world because it expands our reach and capabilities,” said the director of the Croatian Security and Intelligence Agency, Daniel Markić.
“We face the same adversaries and threat actors in cyberspace, and we both gain and share valuable insights into cyber resilience as it has become a key national security goal,” Markić added.
US Cyber Command’s Cyber National Mission forces routinely conduct ‘hunting operations’ on a global scale to learn adversary activities for homeland defense and to enable the collective cyber security of partner nations.
The team, made up of US military and civilian personnel, worked side-by-side with experts from the Cyber Security Center of the Croatian Security Intelligence Agency (SOA), searching for priority networks of national importance and looking for malicious cyber activities and vulnerabilities. The forward hunting team recently returned to the United States, with a hostile and shared understanding of each other’s methodologies and capabilities.
“For us, it’s not just about looking for similar threats to our networks on partner networks and bringing that back home to defend our nation’s networks,” said the head of the U.S. search team, whose name could not be used for operational security reasons.
“It was also about the personal relationships we’ve built and the partnerships we can develop. I was personally impressed by the level of organization, visibility and proactivity of the SOA Cyber Security Center, as we sat side by side in search of bad actors”, claims the head of the US team.
Hunt Forward operations are part of US Cyber Command’s persistent engagement strategy, aimed at proactively strengthening US defenses and disrupting malicious cyber activity in US infrastructure.
“It was an honor to send some of our best defense operators to Croatia, to hunt common threats together with our partners—we want to bring both expertise and talent to our partner nations, as we look at the cyber adversaries that may be threatening our nation,” said Major General US Army William J. Hartman, commander of the Cyber National Mission Force.
“Our teams return not only with insights that strengthen our defenses and support our allies, but also with professional relationships, and those relationships will continue to grow as we work together, against common adversaries, for years to come,” Hartman points out.
As of August 2022, the CNMF has conducted 35 forward search operations in 18 countries, including Estonia, Lithuania, Montenegro, North Macedonia, and Ukraine—doing so on more than 50 foreign networks, mostly during the global pandemic.
In cyber security, ‘hunting’ is a proactive cyber defense activity, to observe and mitigate undetected threats on a network or system. While forward search operations teams do not mitigate threats on partner networks, they enable their colleagues to monitor and address threats found.
“These defense operators are hunters, trained to know the behavior of their target,” said the CNMF’s defense cyber chief against Russian threats.
“They are experts at looking for these behaviors and finding some of their more malicious and subtle techniques. We share this information with our partners so that they can take action on their networks”, emphasizes the CNMF’s defense cyber manager against Russian threats.
By countering malicious cyber actors targeting partner nation networks, data, and platforms, the U.S. and allies gain valuable insight into adversary tactics, techniques, and procedures. Knowledge of these plans, capabilities and tools further enables the US and its allies to disrupt and even stop malicious cyber activities before they reach friendly networks and cause significant damage.
“The international partnerships we have built are key to preventing numerous state-sponsored cyberattacks and attacks that threaten our national security,” said Markić, whose organization is focused on preventing activities that threaten Croatian national interests.
“The more complex the cyber security challenges become, the more comprehensive our response must be,” concludes Markić.