FORT GEORGE G. MEADE, Md. -- In an increasingly contested and evolving cyber domain, the bridge between government and private industry has become crucial in defending against malicious cyber-attacks; for U.S. Cyber Command, this bridge is ‘Under Advisement.’
Under Advisement, or UNAD, is an unclassified program that allows partners across all sectors of industry to collaborate and share technical information on foreign threats, which has been pivotal in countering foreign cyber threats to the Nation.
This two-way information-sharing supports the Dept. of Defense’s mission outside of the United States, enabling a broader threat picture and bolstered network defenses for both the U.S. government and industry partners.
“Under Advisement, and the relationships we have built with our industry partners, is game-changing,” said U.S. Army Maj. Gen. William J. Hartman, commander of Cyber National Mission Force, the organization that launched UNAD. “We are able to enrich industry data with our expertise and unique insights, and share that back with trusted private sector partners—who then can better defend their networks at home, while we pursue malicious cyber actors abroad.”
For example, CNMF has unique authorities to conduct defensive cyber operations abroad in partner nations’ networks at their invitation. If novel malware or indicators of compromise are found on those hunt operations, UNAD can rapidly share with private industry and interagency partners, enabling them to harden cyber defenses before those threats can reach U.S. networks.
UNAD is one part of the U.S. government’s engagement with industry, and closely partners with fellow government-industry partner programs such as NSA’s Cybersecurity Collaboration Center and Department of Homeland Security’s Joint Cyber Defense Collaborative.
“We’re defending against the same adversary as industry,” said Holly Baroody, executive director of U.S. Cyber Command and former deputy to the Cyber National Mission Force commander. “By working together and sharing indicators of compromise, we can get a clearer view of what the adversary is doing in cyber and disrupt their attacks.”
UNAD is comprised of highly skilled technical experts, both military and federal civilians, who are in daily contact with industry via secure chat applications and invite-only industry forum. In every interaction, UNAD communicates in full, transparent attribution as members of Cyber Command’s Cyber National Mission Force.
“Partnerships in cyberspace gives us an advantage that our adversaries don’t have,” said U.S. Army Lt. Col. Jason Seales, chief of Under Advisement. “A threat to one of our networks is a threat to all, and it takes public stakeholders and private industry to build foundational cyber defenses in and through partnering.”
Developed by U.S. Marine Maj. (ret) Jason Kikta, Under Advisement was born out of an urgent need to share, and receive, unclassified cyber threat indicators with private sector partners during the 2018 U.S. midterm elections. Kikta and his small team of cyber experts quickly realized how critical it was to have unified responses to major cyber events. UNAD officially stood up in 2020, ahead of the Presidential elections, and enabled defense against foreign interference.
“We’ve seen how critical UNAD has been in major cyber events such as SolarWinds, Hafnium, and Colonial Pipeline,” said Seales. “UNAD can be described as ‘CYBERCOM’s canaries in the coal mine’…we’re an early warning to malicious cyber activity. We warn our partners in a way that allows them to act and it’s done daily on a foundation of collaboration, trust, and partnership.”
After three years of continuous, real-time information sharing and collaborative response to national-level events such as Solar Winds and Colonial Pipeline, the program hopes to build upon lessons-learned and successes while doubling the number of private-sector partnerships in 2023.
The Cyber National Mission Force is the U.S. military’s joint cyber force charged with defending the Nation in cyberspace through offensive, defensive, and information operations. CNMF’s mission is to plan, direct, and synchronize full-spectrum cyberspace operations to deter, disrupt, and defeat adversary cyber and malign actors. The organization supports national missions and U.S. Cyber Command priorities such as election security, ransomware, cyber espionage, and other crisis and contingencies.
For more information, or questions about participating in the program, reach out to U.S. Cyber Command’s Under Advisement team here.