An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

NEWS | Dec. 29, 2021

2021: A Year in Review

By U.S. Cyber Command Public Affairs U.S. Cyber Command

Here are some of U.S. Cyber Command’s (CYBERCOM) most impactful moments of 2021:

Over the last year, the cyber security community has encountered new challenges and worked to adapt and respond in innovative ways. Ransomware is no longer considered just criminal activity, but a threat to national defense and infrastructure; deterrence is conducted across multiple domains simultaneously; and the value of cyber defense partnerships across nations is reasserted again and again.


This year started with the dissemination of vaccines to essential workers as well as vulnerable populations. Pictured here is U.S. Army Maj. Gen. William J. Hartman, commander of the Cyber National Mission Force, receiving his first dose of the COVID-19 vaccine Jan. 11, 2021. Despite a global pandemic, CYBERCOM still conducted cyber operations vital to the Nation’s defense. Read more about the Command’s early vaccination approach here.



This year also saw a rise in cyber challenges that CYBERCOM rose to meet and overcome through various means, including full-spectrum cyber operations.

CYBERCOM Commander U.S. Army Gen. Paul M. Nakasone recently highlighted the work both CYBERCOM and the National Security Agency (NSA) have performed against foreign ransomware actors, including conducting successful offensive cyber operations that disrupted their malicious activity. CYBERCOM focuses on the away game, executing operations in foreign spaces against foreign actors.

For example, when Russian intelligence actors compromised a supply chain of cybersecurity vendors to conduct espionage, CYBERCOM deployed an elite defensive cyber unit, called a hunt forward team, to hunt for additional Russian activity. They found and disclosed new malware that was being used to enable malicious cyber activity. That malware was shared with our partners to stop the actors and mitigate the ongoing compromise. These operations were conducted by the Cyber National Mission Force, the Command’s national offensive and defensive cyber unit. Read more about this mission and the benefit of hunt forward operations here.




As General Nakasone said this year, partnerships are the lifeblood that makes us so different than our adversaries.  The Command has benefited from a historic partnership with the Five Eyes, but there are other partnerships with likeminded nations that we will continue to work.

Cyber is a team sport, and training and working along with our partners ensures we know how each of our cyber operations teams would respond in any situation. We accomplish this through CYBERCOM’s bilateral exercise programs.

Cyber Fort III – With our partners from France’s Cyber Defense Forces, cyber defenders from the two countries exercised with more than 70 participants, 400 simulated users, 450 simulated networks and subnets, and 1,000 different simulated systems.

Cyber Dome VI – Brought our partners from the Israel Defense Forces’ Joint Cyber Defense Directorate (JCDD) for a hands-on-keyboard defensive cloud-based training exercise. The exercise brought together joint defensive cyber operators from the two countries and involved more than 75 participants.

Both bilateral exercises simulate the relevant tactics, techniques, and procedures of advanced persistent threats that we confront both today and in the future.

Read more about Cyber Fort III here.



Integrated Deterrence is a key aspect of our Nation’s success in the era of strategic competition. Strategic competition is alive and well in cyberspace, and the Command does its part every single day via persistent engagement efforts. How does CYBERCOM stay persistently engaged in multi-domain and multi-capable operations? One example is by sending a U.S. Air Force Cyber Protection Team to defend vital networks on a B-1 Lancer during a U.S. Strategic Command and U.S. European Command strategic deterrence mission. Cyber defense is one part of integrated strategic deterrence, achieved by denying any malicious cyber actor access to critical platforms like the B-1 Lancer.  Read more here.



Pictured here are two Estonian defensive cyber operators, wearing the insignia of the Estonian Defence Forces’ Cyber and Information Operations Centre, testing their skills and ability to detect enemy presence, expel it, and identify solutions to harden simulated networks during CYBERCOM’s CYBER FLAG 21-1 exercise. More than 200 cyber operators from 23 countries participated in the Department of Defense’s largest multinational cyber exercise, designed to help us bolster our collective defense against cyber-attacks targeting critical infrastructure and key resources. Defensive cyber teams from Canada, Denmark, Estonia, France, Germany, Lithuania, Norway, the Netherlands, Poland, Sweden, the United Kingdom and others participated in CYBER FLAG 21-1 using CYBERCOM’s real-time virtual training environment. Read more about this exercise here.



We wrapped up the year with our Commander, Gen. Nakasone, who provided ABC News and the public with an exclusive look into our Joint Integrated Cyber Center and insight into how we defend the nation in cyberspace. It was a great opportunity to showcase how CYBERCOM and NSA work with our interagency, industry and international partners. You can view ABC’s special report here.