MARINE CORPS BASE QUANTICO, Va. – The Marine Corps Cyber Task Force stood up last week to create courses of action to address manpower, organizational, acquisition and other problems for cyberspace operations, the director of the Marines’ cyber and electronic warfare integration division told USNI News.
Marine Corps Commandant Gen. Joseph Dunford had addressed offensive and defensive cyber operations when he released his commandant’s planning guidance in January, which sparked an operational planning team to look at framing the Marines’ cyber problem, Col. Gregory Breazile said in an interview at Marine Corps Base Quantico. Dunford followed up with additional guidance asking for a cyber task force during an executive offsite two weeks ago, and the resulting task force will take the problem-framing and create courses of action to improve Marine Corps cyber operations.
“We’ve got organizational issues, we’ve got command and control issues, we’ve got acquisition issues, we’ve got manpower and training issues. Across the entire capability of cyberspace operations we’ve got issues,” Breazile said.
“So the commandant wanted us to get after nailing down these issues – what are some things we can do now immediately to change our organization to kind of fix us and align us properly so that we as an institution can move forward smartly with building capacity and capabilities within cyberspace? So because we’re still new in the game – even [U.S. Cyber Command] is still fairly new as a command – there’s not a lot of good top-level doctrine and guidance.”
Breazile said he met last week with the Navy’s Task Force Cyber Awakening to understand what they’ve accomplished so far and determine if the Marine Corps can leverage any of the work. The task force will need to work quickly – it will send its ideas to Marine Corps Combat Development Command commanding general Lt. Gen. Kenneth Glueck to aggregate and brief to the commandant this summer.
“The number one issue that we see upfront is the way we do command and control in the cyberspace operations. A lot of these problems are policy-based, so it’s just the way we’ve organized and evolved as an organization. So we’ll have to adjust quite a bit of internal policy that says certain organizations have certain tasks to do certain things, and once we sort all that out and we develop these courses of action then we’ll take them back to leadership,” Breazile said.
“You have to have your command and control structure right really upfront before you can get anything else right. Everything hinges on having the right decision-makers with the right authorities to do what they need to do to accomplish the mission. So that’s task one.”
Addressing manpower problems – both building out a military occupational specialty to be properly manned and to create the right training pipeline – could take years to accomplish, but Breazile said the Marines would at least determine a path for doing so by this summer. Fixing cyber acquisition will also be a long-term issue – Breazile noted the Fiscal Year 2011 National Defense Authorization Act directed the Marines to develop a more agile cyber acquisition process and no one has been able to get it quite right in the past five years.
Cyber vulnerability assessments will be part of the process as well, but the Marine Corps is now well positioned to tackle this part of the task force’s work. The Marines began building the Marine Corps Cyber Range in November 2014 with $9 million the service reprogrammed at the end of the previous fiscal year – and Breazile said the service has more than made up for that investment after the first cyber vulnerability assessment in March on the Common Aviation Command and Control System (CAC2S).
“That took what would normally be an eight- or nine-month process into two days. It’s huge. It is giant. I can’t express it enough how big that is because when we start applying that type of testing across the whole portfolio of systems, we’re talking about a significant cost-avoidance to the Marine Corps that’s going to be game-changing, I think, as far as we’re concerned,” Breazile said.
“And every year every system that we have has got to be reviewed for vulnerability assessments. It’s a huge cost, and it eats up a lot of time.”
Breazile said CAC2S is the largest system the Marine Corps will have to assess. The others may take as little as a few hours, leading Marines to celebrate the idea of “Certification and accreditation – C&A in a day,” he said.