U.S. cyber specialists toiled in more than a dozen countries last year as part of a push to fortify networks and expose tools used by hackers, according to the leader of Cyber Command and the National Security Agency.
The so-called hunt-forward missions, conducted by CYBERCOM’s elite Cyber National Mission Force, or CNMF, totaled 22 deployments, with some happening simultaneously across the world, Air Force Gen. Timothy Haugh said in testimony submitted to the Senate Armed Services Committee on April 10.
“Enhancing the security of government, private sector and critical infrastructure systems grows ever more imperative,” said Haugh, who took the helm at CYBERCOM and NSA in February. “Foreign adversaries continuously update how they operate, and frequently work through American-owned networks and devices.”
Hunt-forward missions are executed at the invitation of a foreign government and are not always disclosed. They’re part of CYBERCOM’s persistent engagement strategy — a means of being in constant contact with adversaries and ensuring proactive, not reactive, moves are made.
Haugh’s disclosure offers a rare look at the CNMF workload, which is often nebulous, as some countries prefer to keep quiet the digital cooperation.
The mission force has in the past worked with Ukraine, ahead of Russia’s invasion; Albania, on the heels of Iranian cyberattacks; and Latvia, where malware was unearthed. Other previous deployments included Estonia, Croatia, Lithuania, Montenegro and North Macedonia.
President Joe Biden said in late March that he’ll tap Michael Sulmeyer, the U.S. Army’s principal cyber adviser, to be the Department of Defense’s inaugural cyber policy chief. The role of assistant secretary of defense for cyber policy was established by the fiscal 2023 National Defense Authorization Act.
The Defense Department sought $14.5 billion for cyber activities in fiscal 2025. The figure is about $1 billion more than the Biden administration’s previous ask. It is also up from FY23, when it sought $11.2 billion.
“We work every day against capable and determined cyber actors, many of them serving adversary military and intelligence services,” Haugh said. “Our operational experience reinforces the importance of campaigning globally in and through cyberspace across the conditions of competition, crisis and armed conflict.”
Colin Demarest was a reporter at C4ISRNET, where he covered military networks, cyber and IT. Colin had previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.