Marines take prominent role in DOD cyber operations

QUANTICO, VA.

Marine Corps' cyber operatives have been at the forefront of two of the U.S. military's most prominent offensive and defensive cyber missions in the last year, reflecting the kind of maturity of capabilities the Pentagon is counting on to wield power in cyberspace.

Pentagon leaders called on a Marine Corps cyber protection team, among other network defenders, to evict hackers that had breached the Joint Chiefs of Staff's unclassified email network last summer, according to Brig. Gen. Lori Reynolds, head of Marine Corps Forces Cyberspace Command.

"That was probably the first real attack that we had…a finished CPT really get after," Reynolds said in an April 19 speech to AFCEA's Quantico-Potomac chapter.

Media reports have blamed that intrusion, which downed the Joint Chiefs' email network for about two weeks, on Russian spear phishers. Such cleanup operations can be laborious and time intensive. A 2013 operation to rid Iranian hackers from the unclassified portion of the Navy Marine Corps Intranet took three to four months.

Reynolds also shed light on recent offensive operations against the Islamic State terrorist group.

"There is a tremendous amount of signals intelligence that goes into developing a cyber target…and so the dependency on the National Security Agency right now is enormous," she said. Reynolds declined to talk further about the counter-ISIS cyber operation after her speech.

Defense Secretary Ash Carter in late January ordered U.S. Cyber Command, of which Reynolds' Marines are a component, to step up its hacking of ISIS operatives. Carter and other officials have been vocal about their intent to disrupt the group's communications, with Deputy Defense Secretary Robert Work saying recently that the U.S. military was dropping "cyber bombs" on ISIS.

'Operating on trust'

The annual Marine Corps IT Day at which Reynolds spoke is an opportunity to rally the Corps' IT professionals, as well as contractors, behind recent progress in network security. Marine Corps CIO Brig. Gen. Dennis Crall boasted that the Corps is leading the way on a Defense Department-wide directive to move IT systems to the Windows 10 operating system.

However, with the accomplishment-tallying came blunt talk about the shortcoming of the Corps' IT enterprise. Crall said the Corps could do more to deliver a standard toolkit for software development, something that he said vendors have requested. The lack of a standard makes it difficult to manage software upgrades, he added.

For her part, Reynolds worried about network visibility.

"Our current architecture makes seeing and understanding the battle space a significant challenge," she said. "In many cases I am operating on trust," when asking a domain owner to run a script to test compliance, for example.

The Marine Corps Enterprise Network has about 60 domains, Reynolds said, quipping: "that's like 59 too many."

Like the other service branches, the Marine Corps is adopting the Joint Regional Security Stacks, a set of servers, switches and software that is tantamount to a big firewall.  The Corps has been trying to time the switch from its own firewall to JRSS without sacrificing security. 

While praising the JRSS initiative, Crall also warned that it "could degrade our mission if we're involved too early." In other words, JRSS has to least provide the same level of security as the Corps' own firewall – "and then some," Crall said, adding, "depending on what version of JRSS we're talking about, that is kind of still an open-ended question."