CYBERCOM increasing intel collection in light of Russia-Ukraine conflict

TECHNET CYBER 2022: Russia’s invasion of Ukraine has given defense communities around the world the first real taste of what modern state-on-state warfare looks like, and everyone is looking for lessons learned — including US Cyber Command, according to its director of operations. 

Speaking at the AFCEA TechNet Cyber 2022 conference, Maj. Gen. Kevin Kennedy said that as a result of what they’ve seen over the last two months, CYBERCOM is looking at vulnerabilities in its intelligence collecting activities.

“This is one of the lessons, as we looked at the Ukraine crisis and we’ve seen the open source reporting and understanding, having frank conversations about whether our SICR [specific intelligence collection requirement] is and the level of defenses that we have on it and the potential vulnerabilities that exist,” Kennedy said. 

RELATED: Learning From Ukraine Conflict, Info Security Agency Pushes Ahead On JADC2

Although he didn’t tie it directly into the Ukraine situation, Kennedy also said that over the next year CYBERCOM wants to expand partnerships with allies, which he sees as its “fundamental advantage.”

“Our partnerships in the Pacific are more robust, more varied than anything that the [People’s Republic of China] has,” he said. “Our partnerships in Europe are much more varied, more solid than I think Russia is. Our partnerships in the Middle East are more robust, more varied, more strong than anything Iran has. That is the advantage that we have as we’re looking forward to taking on the adversaries that we see.”

CYBERCOM has also had a pivot in the last year when it comes to thinking about ransomware, Kennedy said. 

“I think about a year and a half ago if you had asked me what the…responsibility of the Department of Defense in ransomware was, [it] was purely in support of [the Department of Justice] and that activity is primarily a [law enforcement] activity,” Kennedy said. “What we’re finding, though, in recent times is that ransomware is a national security imperative as well.”

Last year, Gen. Paul Nakasone, head of CYBERCOM and the NSA, said similarly that views on ransomware has changed, and that when it affects “critical infrastructure, it’s a national security issue.” 

When it comes to intelligence collecting, Kennedy said partnerships with the FBI and CISA have been “critical” to sharing information with the industrial base and “maybe being some level of deterrence” when it comes to making the operating environment risky for adversaries. 

CISA, along with the FBI, NSA and allied cybersecurity authorities earlier in April released a joint advisory in wake of increased threats by Russian cyber groups targeting critical infrastructure both within and outside the Ukraine region.

The advisory urged critical infrastructure network defenders to prepare for and mitigate potential cyber threats, including ransomware and cyber espionage, by hardening their cyber defenses.