Marine Corps Leaders announce new forward deployable cyber force

The Marine Corps remains an expeditionary force today. Now, with cyber warfare becoming an emerging threat, Marine Corps leaders say that cyber defense capabilities must also become expeditionary in nature.

“We understand that our [Marine Air Ground Task Forces], specifically our [Marine Expeditionary Force], our war fighting center points, did not have the ability to provide an online presence to defend the networks they take out with them,” said Brig. Gen. Dennis Crall, Director of Command, Control, Communications and Computers, and Chief Information Officer, at the 2017 MILCOM conference produced by AFCEA.

To fill this capability gap, the Marine Corps is in the process of creating defensive cyberspace operations-internal defense measures (DCO-IDM) teams. The DCO-IDM teams are different because they will be forward deployed. Their main task will be to patrol the networks used by the Marine Expeditionary Forces (MEFs) as they move around in the field.

“We fight on one network, but we have those presences segmented in a few places,” explained Brig. Gen. Crall. “The MEFs didn’t have the prowess to baseline themselves to hunt on those networks and provide the level of remediation necessary for us to continue the fight.”

According to Marine Corps leaders speaking at MILCOM, the forward deploying DCO-IDM initiative involves three key elements: developing cyber warriors, enhancing maneuverability, and effectively using software. 

Select Marine cybersecurity and information security technicians are being brought into DCO-IDM training so that they can become “data warriors.”

“If you think of it as a pyramid, we’re flooding the bottom end of that with individual basic training and they’re going to sharpen that training up to the top where what we consider our…offensive cyber operations Marines with those special skill sets and authorities,” said Brig. Gen. Crall.

The DCO-IDM are largely being created so that Marine cyber defense has more maneuverability in the field. In the past, DCO-IDM teams have been formed in response to a specific threat or a specific incident with a specific mandate. However, although these DCP-IDM teams are being built as part of routine operations, they retain the maneuverability benefits of a small threat-response team. The goal is that these teams are able to hunt and protect networks rapidly, while on the move.

Finally, software is essential. According to Gregg Kendrick, Executive Director of MARFORCYBER, the software must be complex enough to not be recognized by adversaries as the cyber warriors conduct their network patrols and it also must offer distributed coordination among the other cyber patrolling services, such as other services’ or governments’ Cyber Protection Teams.

“We have to be very smart [about] where we’re going on patrol and also what software we use when we go on patrol,” said Kendrick. “If you go on patrol every day in the same pattern with the same weapons system, the adversary figures it out really quick.”

The Marine Corps already has three cyber defense teams that are part of Marine Corps Forces Cyberspace Command (MARFORCYBER) and focus on the warrior in cyber space. However, these new DCO-ID teams will operate outside of the traditional MARFORCYBER forward deploying into the future.