The Marine Corps’ senior leadership in July blessed a number or recommendations to improve how the service meets its operational needs for cyber security and the larger mission of information warfare, including making changes to how it acquires capabilities more rapidly to meet challenges in the cyber domain, according to a Marine Corps official.
In April, when the Marine Corps stood up its Task Force Cyber at the direction of Commandant Gen. Joseph Dunford, senior leaders “recognized that there were some things institutionally that we need to do to get after being more prepared to meet cyberspace operational needs,” Col. Gregory Breazile, director of the Marine Corps C2/Cyber and Electronic Warfare Division, told sister publication Defense Daily in an Aug. 20 telephone interview. The task force, which is led by Breazile, spent four months reviewing, problem framing and war gaming a “laundry list of tasks” with four main ones: how the service commands and controls its networks on the Marine Corps enterprise network, cyber manpower needs, rapid acquisition of cyber capabilities, and organizing better at the headquarters level to support future information warfare, he said.
In July, Dunford hosted another executive meeting of the service’s leadership to hear the findings and recommendations of Task Force Cyber, which led to various decisions on the “way forward” in cyberspace to get the Marine Corps “moving in the right direction,” Breazile said.
The cyber workforce is one of the most challenging areas for the Marine Corps to find its way forward, although the same can be said for the rest of the Defense Department and federal government.
Breazile said that service has struggled, and continues to do so, to find some of the highly skilled people it needs for certain cyber security roles. All the military services are having this difficulty due to competition from the commercial sector where these people can make a lot more money, he said.
The Marine Corps is trying to tackle this challenge through better pre-screening and coursework but also marketing the fact that the personnel it hires for these jobs “are going to do things they can’t do in the civilian world,” Breazile said. Still, he said, “we’re not doing very well up to this point.”
In the area of acquisitions, Task Force Cyber made 26 recommendations to improve the process to speed up acquisitions and better educate the acquisition workforce, including the ability to develop approved products lists and…to reach out and use other contracting vehicles outside of the service” if it’s an emergency, Breazile said. “We’re putting together a cyber acquisition playbook for our acquisition force so they know, ‘hey, this is an urgent need for cyber and it’s not just an urgent need, it’s an emergency and we’ve got to go do this now.’ What are all the steps we can go about for getting that capability the fastest? And so we’re in the development of those products right now.”
“Even on the fast end of the traditional acquisition process, it takes over a year [to obtain] IT capabilities,” Breazile said. “In this space if we find vulnerabilities that are unacceptable we need to get them patched and taken care of as soon as possible, we can’t wait a year.”
To strengthen the organizational structure at the headquarters level following the recommendations of the task force, the service is dual-hatting the commander of Marine Corps Forces Cyberspace to include the title of assistant deputy commandant for Information Warfare under the deputy commandant for Combat Development and Integration, Breazile said. The task force had decided that there should be a three-star deputy commandant for Information Warfare, but fell back on the dual-hatting arrangement at the two-star level knowing that the new position isn’t “going to happen anytime soon,” he said.
The new arrangement is still being organized in terms of roles and responsibilities and how to “interface” with the existing capability-based assessment process, Breazile said. The goal is that when the service begins long-term budget planning next year through the FY ’19 Program Objective Memorandum (POM), the new alignment “can have more influence in our POM process for the future of the Marine Corps,” he said.
As Task Force Cyber began working its assignments, it found that the Cyberspace Command didn’t “own all of the authorities across our enterprise” and that the service overall was “fractured” in how it managed these authorities, Breazile said. “We didn’t have a clean directed authority for cyberspace operations that they could direct other peer commands to take or the bases to take.”
Those high-level permissions are now consolidated within Marine Corps Forces Cyberspace.
“We’ve put them in control of the entire enterprise so they truly have to operate and defend the network mission,” Breazile said.
In addition to its recent efforts around operations and acquisitions, the Marine Corps in March stood up its own cyber range that it is using to rapidly assess its IT assets and weapon systems.
The cyber range has already been used to test some of the service’s major command and control systems, including an assessment of its aviation C2 system in two days versus eight or nine months previously, Breazile said.