Contractors to Handle Marines Corps' Cyber Arsenal

Lt. Gen. Richard P. Mills, commander of the Marine Corps Forces Cyberspace Command

Lt. Gen. Richard P. Mills, commander of the Marine Corps Forces Cyberspace Command Defense Department

Reliance on non-government employees for sensitive operations raises questions about insider threats.

One-third of the 1,000 personnel slated to handle cyber weapons for Marine Corps troops overseas will be contractors, according to the chief of the service's cyber command. Providing outsiders with inside knowledge of the military's cyber operations raises questions about the risk of leaks, now that a Booz Allen Hamilton computer specialist supporting the U.S. intelligence community has admitted to exposing the classified surveillance of Americans.

In coordination with U.S. Cyber Command, the Army, Navy, Marine Corps and Air Force each have their own cyber organization assigned to arm troops with network exploits and network defenses. The Marine command is the most focused on providing prompt support to overseas expeditionary service members, Lt. Gen. Richard P. Mills, commander of the Marine Corps Forces Cyberspace Command, told the American Forces Press Service in a story published today. 

More than 300 of the Marine Corps' cyber forces expected to be on staff by 2016 will come from the private sector, with civilian federal employees and uniformed service members fleshing out the rest of the command, he said.  Currently, there are 300 service members, federal civilians and contractors, total, conducting Marine cyber operations.

"They all operate under the same clearance requirements, the same authorities, the same rules," Mills told AFPS. It is unclear whether Edward Snowden, the Booz Allen Hamilton employee who leaked classified information about National Security Agency operations, was restricted by the same authorizations and rules as U.S. intelligence employees while on the contractor's payroll. 

His alleged leak "represents a grave violation of the code of conduct and core values of our firm," according to a statement by the company posted online. Snowden disclosed, among other classified directives, a top secret court order instructing Verizon to supply the government with call records on millions of Americans, according to The Guardian.

A former NSA official told Nextgov Snowden would have been held to the same rules and restrictions as NSA employees. Yet NSA should not have granted Snowden, and even equivalent government staff, access to the assorted information. “What gave him the authority to do that?” the official questioned. “How was he able to gain access to these top secret documents that were leaked -- and particularly that court order?”

Intelligence agencies should have segregated the data files with system permissions. “They've got to do some internal homework about how to keep that data separate,” the former official said, adding that technical controls are not very difficult to configure. “How the heck did this guy in Hawaii gain access to all that [information]?”

On Monday, Booz spokesman James Fisher said company officials "have no additional information to provide beyond what is in our statement," which also said that Snowden had been an employee for less than three months and assigned to a team in Hawaii.

The reason for the Marines' heavy reliance on contractors: Private sector programmers know the latest techniques to confront constantly evolving threats that active-duty Marines haven't necessarily learned yet, Hill said.  

"You need people who are educated and current in their specialties and who are available to stay on the job for long periods of time, whereas Marines come and go in the normal assignment process," he said. "That's one of the things that make them so expensive. They come at a cost, but you have to bear it to make sure that your cyber capabilities are current and that you stay on the cutting edge."

Within Cyber Command, a mix of civilians, contractors and uniformed service members will operate from consoles located within each geographic military command, Maj. Gen. Jennifer Napper, Cyber Command director of plans and policy, told Nextgov in February. As far as private sector staff numbers, "each service is helping to decide for themselves because each service looks at it a little bit differently on all these teams that they are building out,” she said.