August 26, 2020
by Michael Laff
Cybersecurity experts from the U.S. Cyber Command are working with other nations to identify malware and network attacks.
Cyberattacks undermine elections and threaten democracy. By working with host nations, Cyber Command has identified more than 40 malware samples since 2018.
The best way to fight cyberattacks and false information campaigns is to expose the weapons used in the attack. When an attack is identified, officials post the malware on VirusTotal, a publicly available site. The site is an online community that permits testing of suspicious files and sharing of malware identified by other users.
U.S. cyber experts worked alongside Montenegrin government officials in 2018 and 2019 to counter malicious cyberattacks on critical networks and platforms.
“Because of our direct cybersecurity cooperation with Montenegro, we have been able to develop patches against the latest Russian malware that now protect billions of devices worldwide,” Secretary of State Michael R. Pompeo said during an October 2019 visit to Podgorica.
Montenegrin officials said the joint initiative proved valuable for their country, which joined NATO in 2017.
“It is precisely in the face of new challenges with the United States that we seek a way, using their resources, to protect democracy in the Western Balkans from those who would keep this part of Europe in conflicts, setbacks and economic decline,” said Montenegrin Defense Minister Predrag Bošković.
U.S. cyber experts also worked in North Macedonia and Ukraine to help both countries defend their networks. During the collaboration, experts learned about various types of malware being used.
“They invited us in to work with them within their networks in a defensive role,” David Luber, the executive director of the U.S. Cyber Command, told the Fifth Domain, an online publication dedicated to cyberspace conflict. “And then we gleaned some tremendous insights into advanced persistent threats and malware and were able to bring that to the world through publishing on websites.”
In May 2020 the National Security Agency issued an advisory about Russian military cyber actors known as the Sandworm Team. The attackers found weaknesses in the Exim message transfer agent (MTA) software for Unix-based systems that allowed users to be added and security settings to be disabled. The software developer then created a countermeasure through software patching for users to update their systems.
The National Defense Authorization Act of 2019 allowed Cyber Command teams to work outside Department of Defense networks to help allies with their defense operations when invited by host countries. The U.S. Cyber Command and the U.S. European Command help NATO allies and European countries identify potential threats and share information by working with military and civilian cyber experts in several countries.
Annual training exercises in the Panama Canal, known as PANAMAX, were expanded in 2019 to include cyber defense. Experts from 20 nations participated in training designed to protect the Panama Canal.
The United States has signed agreements on computer network defense with several other countries, including Germany and South Korea.
The U.S. Department of State also uses diplomatic engagement and foreign assistance to support states working to strengthen their cybersecurity. The State Department does this work directly with partner governments and through regional and global organizations.
By working with its partners and allies to build cybersecurity capacity around the world, the United States reduces the risk of conflict from the use of cyber weapons and defends an open and secure global internet for all.