During the midterm elections last year, U.S. Cyber Command had three teams deployed in Europe working with partner nations to hunt and track adversaries attempting to disrupt U.S. democratic processes, Cybercom's commander said.
Army Gen. Paul M. Nakasone spoke at the Association of the U.S. Army's "Hot Topics" forum on Army cyber and networks today. He said the big difference between defensive cyberspace operations today those of more than a few years ago is the ability to deploy teams forward and project power.
"This was done exquisitely in the midterm elections," he said, "with three different elements being able to move forward into Europe," the general said, noting that Cybercom was able to tell partner nations, "We know that adversaries are within your network, and let's identify them."
The small deployed elements were able to fall back on larger capabilities here in the states, he said. "Among the key players: an Army team that was able to get on the net and provide effects in support of the defense of our midterm elections," he added.
Stopping attempts to interfere with democratic processes is one of the ways Cybercom supports national security objectives, Nakasone said. Another is stopping adversaries from stealing intellectual property and even personally identifiable information, known as PII.
Recent ransomware attacks in Louisiana and Texas had governors call out their National Guard cyber teams, he said. Ransomware attacks last month that affected 23 local governments in Texas had that state's governor call out Army and Air Guard cyber personnel to conduct an assessment and help with recovery efforts.
In July, three different school districts in Louisiana came under cyberattacks, and the governor declared an emergency, asking National Guard cyber personnel to help so that thousands of students could get back into their classrooms.
"This is a new venue. This is a new capability," Nakasone said.
The National Guard and Army Reserve are adding 21 cyber teams to the 20 defensive cyber protective teams already in the active component, he said.
The nation invests just under $2 billion annually in its cyber force, and it gets much more in return in terms of its capabilities, its options and its response times, he said.
In the last 10 years, the Army has stood up a cyber branch and a Cyber cchool at Fort Gordon, Georgia, Nakasone noted. Since 2015, more than 330 cyber officers have been trained at Fort Gordon, and the school's capacity is growing. Soon, about 200 officers a year should be trained there, he said.
About 250 soldiers have been trained so far as 17C cyber operations specialists, he said, and that number will also grow dramatically.
The Army will stand up a "persistent cyber training environment" within the next six to 12 months, he said. Cyber teams will be able to train virtually on realistic adversary networks, similar to how brigade combat teams face a realistic enemy at the National Training Center on Fort Irwin, California.
"How do you actually take a look at the network that you're going to have to access, to move through, and get to some type of effect at an end state?" Nakasone said, explaining that's what the persistent training environment will soon provide. It will make a huge difference in collective training for cyber teams and improve their readiness, he said.
Some cyber teams have already deployed with brigade combat teams to the National Training Center and the Joint Readiness Training Center, he said, and those lessons learned are becoming doctrine.
An integrated network of cyber, electronic warfare and information operations is already bringing capabilities to commanders around the globe, he said, adding that capability will continue to grow exponentially.
"Every single day as we take a look at operations in Afghanistan and Iraq and other places within Central Command, [they are] leveraging the capabilities of Army Cyber," he said.