Officials from the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Cyber Command’s (USCYBERCOM) Cyber National Mission Force (CNMF) revealed this week that collaboration between their agencies was able to prevent two potentially dangerous cyberattacks, including the disruption of an Iranian effort to target election infrastructure.
At the RSA Conference on April 24, officials from both agencies detailed two previously unknown cyber incidents where their information sharing has yielded positive results.
“We are able to effectively enable each other’s operations – CISA to defend domestic networks, Cyber Command CNMF to take action against our adversaries overseas – in a way that really does bring to bear the best of our authorities, our resources, and our abilities,” said Eric Goldstein, CISA’s executive assistant director.
One example the officials shared was the disruption of Iranian targeting of an election reporting website during the 2020 election. Gen. William Hartman, commander of CNMF, explained how CNMF identified a compromise of an election reporting website that an Iranian actor –referred to by industry as Pioneer Kitten – gained access to.
Hartman said that CNMF immediately tipped off CISA to the compromise and then took action to mitigate the adversary’s access so that it could not impact the reported election results.
“There was no impact to election infrastructure, no impact to voting systems, no impact to the free and fair conduct of the election,” Goldstein said. “This is a case where we had an adversary with the potential intent to take action relating to an election, and we were able to effectively get in front of that activity.”
“There is no more important mission than ensuring that there are safe and secure elections,” Hartman said. “Safe and secure from foreign influence, safe and secure from foreign interference.”
In another vignette the officials shared, Goldstein said CISA identified three Federal agencies facing an “intrusion campaign from foreign-based cybercriminals.”
CISA was able to reach out immediately to the affected agencies – which Goldstein did not name – to notify them of the activity and provide guidance on mitigations.
“At the same time, and simultaneously with all that work to protect those Federal agencies, we gathered all this information about the adversary infrastructure, what they were doing, where it was coming from, and we shared that really quickly with our partners at CNMF,” Goldstein said.
“The ability for DHS CISA to rapidly provide us information has become a large driver for CNMF operations around the globe,” added Hartman.
“I just want to highlight that this isn’t something that we would be talking about if this was a couple of years ago,” Hartman continued. “The maturation in this relationship, and the fact that it happens real-time every day, has really become a significant driver for our mission.”