Using IT to Defeat Evolving Threats: The Case of the Marine Corps

Cyberspace has created yet another domain for national competition and military conflict. History has shown that criminals and foreign entities infiltrate cyber to try to steal technology information, disrupt the U.S. economy and government processes, and threaten critical infrastructure, according to a 2018 DOD report.
Malware attacks can be particularly damaging to national security. Notably, in 2008, foreign actors conducted a cyber-attack on the Department of Defense, breaching U.S. military computers and compromising critical data. The event sparked the creation of the United States Cyber Command.

IT threats are real,” said Michael Cirillo, senior IT advisor at MCSC. “You cannot read the news without seeing a headline about how IT failed, was compromised or was used to cause problems.”
The Marine Corps is dedicated to positioning itself to counter such threats while still supporting the warfighter. MCSC does this in several ways. The first is by educating its workforce. The command has inculcated its culture with the awareness, training and knowledge of the risks and threats IT can pose.

To adapt to evolving threats, MCSC has also enhanced its IT acquisition process. Pasagian said the command understands the cyberspace manifests threats through the internet as well as the Marine Corps’ use of IT in certain missions and functions.

In 2015, the Marine Corps analyzed its cyber acquisition model and ultimately derived 26 recommendations for improving Marine Corps IT acquisition, which the commandant approved. MCSC went to great lengths to implement them into their acquisition process.

That course of action involved developing and implementing an emergency and urgent cyber acquisition process. An emergency cyber acquisition process delivers capability needs in less than 30 days. The urgent process delivers in less than 180 days.

It did not take long for MCSC to leverage this new process.

In 2015, the fleet urgently needed a piece of IT equipment. MCSC implemented the emergency cyber acquisition process, assembling experts in contracting, finance, engineering, logistics and more. The command ultimately procured the software in less than seven days and the hardware in less than 21 days.

It was the DoD’s first rapid cyber procurement, said Cirillo. MCSC shared their IT acquisition process with the other services, the Joint Chiefs of Staff and National Security Agency. MCSC also assisted the USCC in standing up their congressionally mandated Cyber Acquisition Authority.

“Fielding this capability enabled [Marine Forces Cyber Command] to achieve initial operational capability,” said Cirillo. “Although not applicable for all IT procurements, when something is needed rapidly, MCSC can deliver it.”

Not only can MCSC deliver IT systems rapidly, these teams of skilled professionals ensure the capabilities are effective through a painstaking develop-and-assess process. This will be particularly important in the coming years, as adversaries attempt to advance their own technologies.

Capt. Frank A. Wleklinski, a cyberspace warfare officer and team lead at Marine Corps Forces Cyberspace Command, said controlling the cyber domain is a priority for the Marine Corps. The service strives to achieve offensive or defensive effects on the most important terrain to give commanders and leaders options to seize and maintain the initiative.

“Competition and conflict will increasingly play out simultaneously in the both the virtual and physical domains,” said Wleklinski. “As we begin networking more and more assets, the overlap between the physical and virtual will be heavily contested.”

One of those virtual assets is the cloud—an invisible network that provides remote data storage and processing services without the need for direct, active management by the user. Efforts are underway by MCSC to deliver cloud capabilities, as the Marine Corps continues to work with the Navy to acquire cloud services collaboratively.

Bailey said migrating to the cloud allows the Marine Corps to consolidate applications, security and infrastructure in a smart, secure and scalable way. Cloud computing offers both cost, security and operational benefits.

“The Marine Corps is intelligently moving to the cloud,” said Bailey. “The goal is to leverage enterprise infrastructure, security, services and platforms when feasible, and to continue to deliver critical warfighting capabilities when operating in a communication-disadvantaged environment.”

Cloud computing will be particularly important in meeting Force Design goals.

Commandant of the Marine Corps Gen. David Berger has espoused the need for the Corps to become a more naval force. He believes becoming a more amphibious, expeditionary force can support both the Marine Corps and Navy.

The concept of expeditionary advanced base operations will require a more mobile force that may operate in denied, degraded, intermittent or low bandwidth environments. The cloud enables Marines to access network through the Marine Corps Enterprise Network in such austere environments.

“We want to understand how our Marines operate at echelon and providing them the services, applications, security and infrastructure they need to be successful while considering the employment,” said Bailey.
Working with the Navy
Bailey said the Marine Corps continues to establish and leverage existing development and delivery pipelines that can increase the frequency of software capability delivery and enhancement. He believes this will also make the Marine Corps more nimble and responsive to cyber threats.

MCSC has found ways to create similar tactical network engineering environments to those employed by the Navy. The Marine Corps has replicated its command and control architecture with partners at Naval Information Warfare Centers who are performing similar missions for shipboard environments.

“We are actively becoming a more naval force, and part of that is partnering with the Navy and developing the naval network,” said Bailey. “We are looking for opportunities to share resources and follow the same technical paths where it makes sense, with an eye towards interoperability.”

The Marine Corps is not only using this environment with the Navy but also with the Army and Joint Force. MCSC is contributing to the Army’s “Project Convergence” efforts, which is their contribution to the military-wide Joint All Domain Command and Control. JAD2C is a concept where data will link together land, air, sea, cyber and space capabilities.

The network serves as an effective risk identification and mitigation tool, said Bailey.

“This is going to save us money, accelerate capability delivery and make us smart quickly by modeling these architectures with both hardware and virtualized capabilities in the loop,” he said.

Continuing to develop IT capabilities can assist in building partnerships with private-sector entities vital to helping support military operations. The Marine Corps can also share information with other federal agencies, foreign partners and allies who have advanced cyber capabilities, increase communication and effectiveness.

“We are using the tools and processes and leveraging relationships and partnerships in effective ways,” said Pasagian. “We embrace change in the areas that will ultimately make us better.”

This article is published courtesy of DVIDSHub