US, Canada sent cyber experts to Latvia to bolster digital defenses

U.S. Cyber Command recently finished a second mission to Latvia meant to strengthen the Baltic nation’s networks against digital attacks and uncover malicious activity that could be used against the U.S. and its allies.

The command’s elite Cyber National Mission Force (CNMF) sent a team of about 12 people to the former Soviet state and current NATO member on a three-month “hunt forward” mission from February through April, the organization announced on Wednesday.

There, specialists teamed up with CERT.LV — Latvia’s main cybersecurity response center — on a defensive digital operation focused on the country’s critical infrastructure.

U.S. personnel also worked alongside Canadian Armed Forces, who were in the country on a mission of their own. It marked the first time the two allies simultaneously scoured another nation’s networks to obtain unfamiliar malware samples and glean adversary tools and techniques.

“With our trusted allies, the U.S. and Canada, we are able to deter cyber threat actors and strengthen our mutual resilience,” Baiba Kaškina, General Manager of CERT.LV, said in a statement. “This can only happen through real-life defensive cyber operations and collaboration. The defensive cyber operations conducted allowed us to ensure our state infrastructure is a harder target for malicious cyber actors.”

Since the start of last year, Cyber Command has acknowledged it sent teams to several Eastern European countries — including Ukraine, Lithuania and Croatia — to help shore up network defenses amid concerns about potential Russian cyberattacks or other devastating digital effects spilling out of Moscow’s invasion of Ukraine.

The first hunt forward mission to Latvia was in 2020, according to a CNMF spokesperson.

Over the last five years, Cyber Command has deployed personnel 47 times to 22 countries and conducted operations on more than 70 networks around the globe. The missions are commonly disclosed after completion, usually at the request of the country that invited the U.S. to examine its systems.

Popular assistance

The command’s top officials believe the demand for U.S. digital expertise will only increase as the conflict between Ukraine and Russia drags on and countries look to bolster their cyber defenses.

“I bet you there's a bigger call for that in terms of hunt forward operations,” Cyber Command and National Security Agency chief Paul Nakasone told reporters last week.

His remarks echoed ones made last month by Army Maj. Gen. William Hartman, the CNMF’s commander.

“The demand for that only increases and they are not all the same,” he said of the missions while speaking on the sidelines of the RSA Conference in San Francisco.

The U.S. and Canadian teams worked on different networks, according to CNMF. The two sides shared information and threat indicators with each other and Latvian officials. Canada has helmed NATO’s enhanced Forward Presence (eFP) Battle Group in Latvia since 2017.

“Latvia has demonstrated incredible resilience for the past year, having been among the most targeted EU states by Russian hacktivists and Russian state-supporting hacking groups,” according to Kaškina. “We remain focused on making sure critical infrastructure and e-services are secure and are available for [the] general public and the government.”

In a statement, Hartman noted that adversaries “often use spaces outside the U.S. as a testbed for cyber tactics, which they may use later to access U.S. networks.”

“But with our hunt forward missions, we can deploy a team of talented people to work with our partners, find that activity before it harms the U.S., and better posture the partner to harden critical systems against bad actors who threaten us all,” he added.