US Cyber Command sets up defensive activity aimed at improving concepts and coordination
U.S. Cyber Command plans to use a global event to improve how it performs defensive operations and works with partners.
The International Coordinated Cyber Security Activity (INCCA), as the command is calling it, is a defensive effort where participants will search for publicly known malware on Department of Defense networks and systems, a Cybercom spokesperson said.
This is not a named operation and thus, no new agreements or authorities are needed to conduct the internally focused defensive actions. The event was slated to take place “during the month of October,” according to a press release issued Monday. The release did not provide a more specific start date or end date.
While defensive operations are a regular activity for Cybercom and similar under the INCCA, this activity involves real-time sharing of information and insights gleaned from internal defensive cyber efforts, with other partners, the spokesperson said.
“The most important thing to convey about INCCA, is that these activities are internally focused, allowing CYBERCOM to refine our processes as we collaborate and share best practices with key DoD stakeholders and broader partners. This activity enhances interoperability and real-time information-sharing with our existing and future partners to address cyber threats targeting and undermining national security interests,” according to the spokesperson.
A variety of cyber protection teams — Cybercom’s defensively oriented units that hunt for malicious activity on DOD networks — are involved in the activity, searching for, intercepting and halting cyber threats and malicious activity targeted at the Pentagon’s networks and systems. But the command declined to offer more specifics regarding who was involved, only acknowledging that it’s collaborating with combatant commands, the services, DOD agencies, field activities and “broader partners.”
Due to the rapidly changing nature of cyberspace and cyber threats, both the offensive and defensive side are constantly updating their tactics.
“Cyberspace is an increasingly dynamic environment where malicious cyber actors attempt to exploit networks, data, and critical infrastructure the Joint Force relies upon,” Maj. Gen. Ryan Janovic, director of operations, J3, at Cybercom, said in a statement.
The objective of the event is to improve processes, readiness and coordination with partners, according to the command.
“By synchronizing and sharing the activities occurring during INCCA, we help further our collective defense, enhance our capacity, and strengthen internal defensive measures with a community of partners,” Janovic said. “This will ultimately improve our unity of effort to defend against foreign malicious cyber threats.”
Cybercom said that if operators identify a potential threat, all information associated with that threat, to include tradecraft, is shared with partners.