Latvia, Canada, Belgium, and ENISA Join Forces in a Cyber Threat Hunting Operation
CERT.LV, the Information Technology Security Incident Response Institution of Latvia, has conducted a threat hunting operation to identify adversarial presence on Latvian critical infrastructure.
Since early 2022, CERT.LV has increased the number of threat hunting operations it conducts to successfully deter adversarial activities across Latvian networks. However, with an increased number of networks needing to be defended, the decision was made to conduct a focused, large-scale threat hunting operation.
To conduct this operation, CERT.LV reached out to international partners to form a joint cyber team with the Canadian Military Cyber Forces, the Communications Security Establishment’s Canadian Centre for Cyber Security (Cyber Centre), the Belgian Military Cyber Command, and the European Union Agency for Cybersecurity (ENISA).
The joint team carried out threat hunting operations on multiple critical information systems of the Republic of Latvia. This joint operation was a unique opportunity to verify cyber threat intelligence sharing and incident response procedures between multiple NATO allies in cyberspace, as well as to further develop operational capabilities and enhance interoperability. The mutual collaboration enabled the testing and establishment of best practices for conducting effective joint threat hunting operations. This unique operation gave a better understanding of the adversary and significantly contributed to raising the cyber abilities of the allied teams and their nations to further defend systems based on the collected threat intelligence.
CERT.LV deputy manager Mr. Varis Teivans stresses the importance of ensuring network inventory and visibility, timely updates of operating systems and the software in use, system security event collection and monitoring, and incident response. Furthermore, CERT.LV lead cybersecurity expert Dr. Bernhards Blumbergs points to the significance of maintaining supply chain integrity when it comes to external vendor dependencies, controlling their access and assigning the minimal required permissions.
Latvia highly values the close partnership with its allies, which helps it to enhance its own capabilities. The level of flexibility and commitment that ENISA, the Cyber Centre, the Belgian Military Cyber Command, and the Canadian Military Cyber Forces were able to deliver was instrumental to the success of these operations.