Apr 25, 2023 - Technology

Cyber Command, CISA unveil secret joint operations


A little-known partnership between the country's military cyber forces and homeland defenders has stymied the impact of two state-linked attacks, senior officials disclosed at the RSA Conference.

Why it matters: With so many cyber-related agencies in the U.S., it's often difficult for anyone outside of the government to understand which office is responsible for what during an attack.

  • These disclosures are some of the first clear examples of how the Pentagon-based Cyber Command and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) cooperate during an active event.

Driving the news: Eric Goldstein, CISA's executive assistant director for cybersecurity, and Maj. Gen. William Hartman, chief of the command's Cyber National Mission Force (CNMF), detailed two previously unknown incidents involving the agencies during a panel talk Monday.

Details: During the 2020 presidential election, CNMF discovered Iranian-linked hacking group Pioneer Kitten lurking on a city's infrastructure "used to report the results of voting," Hartman said. CNMF looped in CISA, which contacted the jurisdiction — resulting in an immediate remediation of the threat, the officials said.

  • In another incident, CISA identified three federal agencies facing an "intrusion campaign from foreign-based cybercriminals," Goldstein said. CISA handed this information over to the command, which weighed how it could thwart the malicious hackers. The officials did not name the affected agencies.

Between the lines: CISA and Cyber Command have unique roles in these incidents.

  • CISA acts as the liaison between private and public sector organizations about what sectors are impacted in an ongoing incident and what threats everyone should track.
  • Meanwhile, Cyber Command has the power to shut down the online infrastructure a malicious actor uses.

Yes, but: Much of this partnership still relies heavily on input from private sector partners.

  • "Increasingly over the last number of years, we have realized that partnership with private industry — while working really closely with Eric's team at [CISA's Joint Cyber Defense Collaborative] — really allows us to get at scale in ways that previously we were unable to," Hartman said.
