News   Partnerships

Estonia, U.S. Conduct Joint Defensive Cyber Operation

Dec. 3, 2020 | BY U.S. Cyber Command

U.S. Cyber Command conducted a joint defensive cyber operation with the Estonian Defense Forces' cyber command on EDF networks, Sept. 23-Nov. 6. The operation was designed to counter malicious cyber actors and strengthened the cyber defense capability of both nations' critical assets.

Three soldiers in combat uniforms talk outside a tent.
Soldier Talk
A U.S. soldier talks with Estonian soldiers during the Rail Gunner Rush live-fire exercise in Tapa, Estonia, Sept. 5, 2020. The U.S. Army signed an agreement with the Estonian Defense Ministry that will enable the countries to conduct collaborative science and technology in cyber defense.
Photo By: Army Maj. Joe Bush
VIRIN: 200905-A-BG594-983M

"Combined operations with our closest allies like [the] U.S. are vital for ensuring [the] security of our services," Mihkel Tikk, the deputy commander of EDF's cyber command, said.

"These kind[s] of operations provide our operators an opportunity to exchange best practices as well as give us objective feedback on our current defense posture in [the] cyber domain. This operation is another successful milestone in our cooperation with U.S. partners," he said.

U.S. cyber specialists, referred to as "Hunt Forward" teams, and Estonian cyber personnel from Defense Forces Cyber Command, hunted for malicious cyber actors on critical networks and platforms. The U.S. has partnered with various countries throughout Europe, but this defensive cyber operation marked the first of its kind between the U.S. and Estonia.

"Despite the challenges of a global pandemic, we safely deployed to Estonia and other European countries for several weeks to gain unique insight into our adversaries’ activities that may impact the U.S.," Army Brig. Gen. Joe Hartman, the commander of the Cyber National Mission Force, said.

"Our teams proactively hunt, identify and mitigate adversary malware and indicators," he said. "We then share that malware broadly, not just with the U.S. government but with private cybersecurity industry and allies, which directly increases the overall security of U.S. critical infrastructure and related networks."

For the U.S., the Hunt Forward teams play a crucial role in Cybercom’s "persistent engagement," an effort aimed at countering malicious cyber activity below the level of warfare. Cybercom personnel are specially trained to secure and defend government networks and platforms against adversaries. The U.S. military’s "defend forward" strategy leverages key partnerships to address malicious cyber activity that could be used against U.S. critical infrastructure.

Two soldiers in combat uniforms sit behind laptops at a table.
Tactical Ops
A U.S. soldier and an Estonian soldier work in the tactical operation center during a live-fire exercise as part of Rail Gunner Rush in Tapa, Estonia, Sept. 5, 2020. The U.S. Army C5ISR (Command, Control, Computers, Communications, Cyber, Intelligence, Surveillance and Reconnaissance) Center and the Estonian Ministry of Defense have established a cyber domain working group to identify opportunities for interoperability experimentation and demonstrations.
Photo By: Army Spc. Ryan Barnes
VIRIN: 200905-A-BJ454-906M

"Estonia is a digital society, and we depend on cyber everywhere, as well as in defense," Margus Matt, Estonia's undersecretary of defense for cyber defense, said. "For us, it's really important to be one of the first allies with whom the U.S. has initiated this kind of joint operation, which enabled us to obtain an independent assessment on our networks. As a leader in cyber, it also provided Estonia an opportunity to share best practices to better protect our networks."

Both nations benefit from such partnerships as they provide opportunities to improve cyber defense by assessing potential threats while contributing to global cybersecurity. Disclosing malware enables greater protections for users both in public and private sectors around the world.

"Cyber is a team sport — when it comes to halting threats from cyberspace, no one can go it alone," Thomas Wingfield, deputy assistant defense secretary for cyber policy, said. "Our strategy hinges on collaborating with our allies and partners with the private sector and academia and with state and local governments to ensure cyberspace remains a safe, secure and open engine of innovation and prosperity."

U.S. Cyber Command, in cooperation with U.S. European Command and NATO allies, continuously works to deter malicious cyber activity in the region.

The two countries have ongoing cooperation at various levels within Cybercom, U.S. European Command, the Maryland National Guard and the Sixteenth Air Force — U.S. Air Forces Cyber.

The logos of the Estonian Defense Forces' Cyber Command, U.S. European Command and U.S. Cyber Command.
Cyber Ops
The Estonian Defense Forces' Cyber Command, U.S. European Command and U.S. Cyber Command conducted a joint defensive cyber operation on EDF networks, Sept. 23-Nov. 6, 2020.
Photo By: Air Force Graphic
VIRIN: 201203-F-LA132-0000M

"U.S European Command’s robust Cyber Security Cooperation program is focused on building allied and partner cyberspace operational capabilities, which strengthens trust and cultivates strong ties with our cyber partners throughout Europe," Army Brig. Gen. Maria Biank, director of Eucom’s command, control communications, and computers, or C4, and cyberspace directorate, said.

"Through bilateral and regional security cooperation efforts and information sharing initiatives, we are able to further enhance our collective cybersecurity posture as well as enable Hunt Forward operations in our area of responsibility," she said.

Estonian Cyber Command provides command support to the governance area of the Estonian Defense Ministry. The command was established in 2018 as part of the effort to strengthen Estonian cyber defense posture and contribute to ensuring the security of Estonia in general.