At a glance.
- Joint US-Estonian cyber operation.
- US and Australia agree to creation of a joint cyber range.
- A warning issued via alert?
US Cyber Command’s deployment to Estonia for cooperative operations.
A US Cybercom unit shipped out to Tallinn for six weeks this fall for a joint defensive exercise with Estonian Defense Force counterparts, the US Defense Department has revealed. The New York Times says such units are typically a dozen strong and have in the past discovered and defanged novel malware. Cybercom is often vague about the location of its deployments, and Estonia says cooperative US operations will likely continue, though we may not hear about them. Tallinn has invited a permanent detail. Though this was an inaugural exercise for the countries, longstanding collaborations exist within Cybercom, the Maryland National Guard, and other bodies.
An instance of persistent engagement and defend forward, the operation allowed the US to probe Russian tactics, techniques, and procedures (TTP) ahead of the election. Estonia received the benefit of observing a Cybercom operation, and of swapping feedback and best practices with Washington, Voice of America reports. Until recently a favored punching bag of Russia’s for trying out new moves, the former Soviet state has deterred its unruly neighbor by ramping up information sharing and strengthening defenses. (Estonia has long punched far above its weight in cyberspace.)
US Defense official Thomas Wingfield called cybersecurity “a team sport” and explained that “inaction in cyberspace contributes to escalation more than reasonable action.”
US-Australian joint cyberattack training range.
In another example of allied cooperation, Washington’s Cybercom and Canberra’s Information Warfare Division (IWD) are going in together on a $215 million “virtual cyber training platform,” the first bilateral arrangement of its kind, according to BleepingComputer. IWD will enhance Cybercom’s Persistent Cyber Training Environment (PCTE), helping to create a space that allies can use on short notice. Combined drills will no longer require months of preparation.
The PCTE, which went live earlier this year, simulates active networks in a contained environment. The secure platform can be configured for simultaneous diverse exercises.
Warning as signaling.
Nextgov says a CISA alert about potential Iranian activity may serve more as a warning for Tehran than for possible victims. Using nearly identical language to an alert issued after General Soleimani’s battlefield death by a targeted drone strike, CISA cautions readers about DDoS attacks, PII pilfering, influence campaigns, webpage vandalism, malware, and cyber-powered kinetic actions that followed Mohsen Fakhrizadeh’s assassination. Former DHS official Mike Hamilton said the publication is likely meant to put Tehran on notice that “our defenses are up” and “we know their TTPs.”