With ‘hunt forward’ ops, democracies strike back

Across the ever-expanding galaxy of the internet, it’s interesting how relationships grow and take shape according to their purpose.

Just as ransomware gangs can function as an extension of an authoritarian state, attacking the economic targets of democracies at will, democratic cyber forces have found a way to leverage the network effect for defensive purposes: they’re called “hunt forward” operations.


Rather than wait around for infrastructure to be attacked, as has been the custom, US cyber forces partner with the cyber defence forces of friendly nations and go looking for trouble. You could claim it is akin to a search and destroy operation, but with some key differences. It’s search and destroy waged from the friendly ridges of allies. And, like everything online, it’s Janus-faced. Not only does it reinforce the defensive muscle of allies like Lithuania, or that much larger country further to the south, Ukraine, but the spoils of the operation support the broader cause of cyber security.

As this Cybercom release makes clear:

“…cyber operators sit side-by-side with the partner and hunt on the networks of the host nation’s choosing, looking for bad cyber activity and vulnerabilities. These insights are shared with the host nation and then brought back to share with public and private sector networks – bolstering homeland defense before those adversary tactics, techniques, and procedures may be used against the US.”

The information passes easily from US cyber defender to partner cyber defender, then right back to the private sector, which is in the position to take some of the most effective and lasting action.

US Cybercom commander General Paul Nakasone, who has been key to pushing this strategy, said hunt forward operations are “so powerful… because of the fact that we see our adversaries and we expose their tools”.

“If you’re an adversary, and you’ve just spent a lot of money on a tool, and you’re hoping to utilise it readily in a number of different intrusions, suddenly it’s outed and it’s now been signatured across a broad range of networks, and suddenly you’ve lost your ability to do that.”

Now that I’ve introduced the term, here is a link to the song ‘Search and Destroy’ by the Stooges.