Ravi Nayyar on Nostr: '[Interviewer:] And so the number that's been thrown around is 39 cyber teams, 2000 ...
'[Interviewer:] And so the number that's been thrown around is 39 cyber teams, 2000 military and civilian personnel. Are those numbers more or less accurate?
'[Maj. Gen. Hartman:] So those numbers are accurate. What we have done is organize our teams into jointly manned task forces. So we have six task forces that focus really against the major nation-state adversaries: Iran, China, Russia, North Korea. We have a task force that really looks at emerging threats, mostly ransomware threats to national security. And then we have a task force that really focuses on cyber access, weapons and tactics.
'You know, the first thing that you really have to do is gain a real good understanding of the network, get a baseline, right? And then you're going to identify anomalous activity — and the anomalous activity may be bad, it may be some misconfiguration, it may be bad user hygiene. [Reminded of the criticality of knowing your assets, networks and people.]
'And so ultimately we want to execute an intelligence-driven mission. Because we have intel that tells us that an adversary that threatens us is also threatening one of these partners.
'But we also sit with the Cybersecurity Collaboration Center, which is the NSA element that really works with hundreds of industry partners, in order to exchange information. We have an organization called Under Advisement that sits out there.
'We bring unclassified equipment. When we execute a defensive hunt operation we install that equipment on a partner's network based on an agreement with that partner. And when we identify either malware or some type of misconfiguration on a network, we instruct the partner and the partner will take the remediation actions on their own network.
'In this case, the team deployed early December 2021. The Russians [were] amassing 130,000 soldiers on the border with Ukraine. When the team arrived there, there was an immediate assessment by the team lead that the original plan probably was going to be insufficient. And so instead of executing the normal plan, the team lead immediately got on the phone and asked to deploy the rest of the team. And we immediately went into a hunt operation... And then to further complicate it, the team remained there until the end of February.
'I think the difference now is that we've done these enough times that we have a formula. One of the great things is I get a mission brief and approve all these things before I go out. You know, I'll get a chart that'll show me the unit members that are going on the mission. I always ask, Hey, how many people have been on one of these missions before? And generally it's about 50/50... Before, if we did a 60-day hunt forward operation, we might get really smart at about day 50. Now, generally within the first couple weeks of an operation, I think we're having meaningful conversations and meaningful mission outcomes for the teams.
'So I've been in command for almost four years, and it's safe to assume there are always teams deployed in the European theater of command'.
https://therecord.media/maj-gen-william-hartman-interview-ukraine-russia-click-here
'[Maj. Gen. Hartman:] So those numbers are accurate. What we have done is organize our teams into jointly manned task forces. So we have six task forces that focus really against the major nation-state adversaries: Iran, China, Russia, North Korea. We have a task force that really looks at emerging threats, mostly ransomware threats to national security. And then we have a task force that really focuses on cyber access, weapons and tactics.
'You know, the first thing that you really have to do is gain a real good understanding of the network, get a baseline, right? And then you're going to identify anomalous activity — and the anomalous activity may be bad, it may be some misconfiguration, it may be bad user hygiene. [Reminded of the criticality of knowing your assets, networks and people.]
'And so ultimately we want to execute an intelligence-driven mission. Because we have intel that tells us that an adversary that threatens us is also threatening one of these partners.
'But we also sit with the Cybersecurity Collaboration Center, which is the NSA element that really works with hundreds of industry partners, in order to exchange information. We have an organization called Under Advisement that sits out there.
'We bring unclassified equipment. When we execute a defensive hunt operation we install that equipment on a partner's network based on an agreement with that partner. And when we identify either malware or some type of misconfiguration on a network, we instruct the partner and the partner will take the remediation actions on their own network.
'In this case, the team deployed early December 2021. The Russians [were] amassing 130,000 soldiers on the border with Ukraine. When the team arrived there, there was an immediate assessment by the team lead that the original plan probably was going to be insufficient. And so instead of executing the normal plan, the team lead immediately got on the phone and asked to deploy the rest of the team. And we immediately went into a hunt operation... And then to further complicate it, the team remained there until the end of February.
'I think the difference now is that we've done these enough times that we have a formula. One of the great things is I get a mission brief and approve all these things before I go out. You know, I'll get a chart that'll show me the unit members that are going on the mission. I always ask, Hey, how many people have been on one of these missions before? And generally it's about 50/50... Before, if we did a 60-day hunt forward operation, we might get really smart at about day 50. Now, generally within the first couple weeks of an operation, I think we're having meaningful conversations and meaningful mission outcomes for the teams.
'So I've been in command for almost four years, and it's safe to assume there are always teams deployed in the European theater of command'.
https://therecord.media/maj-gen-william-hartman-interview-ukraine-russia-click-here