STATEMENT
OF
BRIGADIER
GENERAL ROBERT M. SHEA
DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS
HEADQUARTERS, UNITED STATES MARINE CORPS
CONCERNING
INFORMATION ASSURANCE
ON 17 MAY 2001
Mr. Chairman and distinguished members of the committee,
I am Brigadier General Robert Shea, the Marine Corps
Director of the Command, Control, Communications and
Computers Department. Thank you for this opportunity to
appear before the committee today to discuss how the
Marine Corps is meeting the significant challenge of
Information Assurance. Today, I plan to provide you an
overview of the Marine Corps Information Assurance program
and the success we have achieved in fortifying our defense
of the enterprise computer network.
Information Assurance supports expeditionary maneuver warfare extending
from the Operating Forces to the Supporting Establishment.
Information Assurance ensures the end-to-end
capability to deliver secure information at the right
time, to the right place, and in a useable format, allowing
commanders to exercise command and coordination, regardless
of proximity to their assigned forces.
To support Marine Corps Strategy 21 and our Marine
Air-Ground Task Force (MAGTF) command and control needs,
C4 systems must integrate Information Assurance capabilities
to satisfy a number of challenging threats and environments. Commanders, regardless of their location, must have the ability
to securely and rapidly access and transfer voice, data,
video and imagery information.
In concert with the development of new DoD IA policy, we
are revising directives that govern the Marine Corps
IA program and attendant responsibilities for protecting
critical processes that depend on information technologies.
In addition to implementing DoD directives, the
intent of our evolving policy is as follows:
· require an IA capability that supports a robust infrastructure-wide defense in depth
· specify IA duties and requisite training for IA personnel (Designated Approving Authority, System Administrator, Information Systems Security Manager, and Information Systems Security Officer)
· use web technology to the greatest extent possible in support of training, especially the delivery of annual IA awareness training
· delineate the IA responsibilities for Marine Corps Commands and Directorates
· validate IA operational requirements and ensure they are incorporated into all our architectures and systems
· develop appropriate Military Occupational Specialty (MOS) Individual Training Standards (ITS) that encompass validated IA requirements
The Marine Corps' specific objective for achieving Information
Assurance is to employ state-of-the-art technology,
provide awareness training to all users, and to deploy
computer network defense tools across the enterprise.
This is achieved by deploying a defense in depth
strategy integrating the capabilities of people, sound
procedures, and technology to achieve strong, effective,
multi-layer and multi-dimensional protection.
The goals of the Marine Corps Information Assurance
program include confidentiality, integrity, availability,
authentication, and non-repudiation of information transported
along the Marine Corps Enterprise Network (MCEN).
This is achieved through the efforts and policy
included in the Marine Corps computer network defense
program.
The Marine Corps Enterprise Network provides worldwide connectivity
of both classified and unclassified networked communications
to every Marine Corps Command, both in the supporting
establishment and deployed.
It is one network. The MCEN represents the result of comprehensive planning, engineering,
and provisioning of "long haul" circuits using
the Defense Information Systems Network (DISN) as the
Marine Corps' single service provider.
The enterprise itself is the product of centralized
management of each connection point between a Marine
Corps installation's internal network and any external
network, referred to as a Point of Presence (POP).
Each POP provides stringent security to defend
against external and internal threats and to manage
the flow of electronic information across the Marine
Corps.
The Marine Corps' Information Technology Network Operations
Center (MITNOC), located aboard MCB Quantico, Virginia,
is the Marine Corps' enterprise Network Operations Center.
The MITNOC is the nerve center for the central operational
direction and configuration management of our enterprise network.
Collocated with the Marine Corps Forces Computer
Network Defense (MARFOR CND), our component to the Joint
Task Force for Computer Network Operations (JTF-CNO),
and the Marine Corps' Computer Incident Response Team
(CIRT), known as the Marine Intrusion Detection Analysis
Section (MIDAS), this synergistic relationship provides
a strong framework for integrated network management
and defense.
Our enterprise approach to network management provides
network wide solutions for the Marine Corps portion of the
Global Information Grid. The MITNOC exercises centralized
control of each connection point between the MCEN and
external networks, such as the NIPRNET. Each network
connection contains a suite of equipment that enables
connectivity and provides security to defend against
malicious activity or unauthorized access. MCEN uses the
"best-of-breed" of information assurance technologies to
produce a fully integrated network boundary defense.
MCEN incorporates filtering routers, firewalls, network
intrusion detection and virtual private network technology.
This significantly reduces the risk associated with targets
of opportunity for today's cyber adversaries.
The MITNOC, as the MCEN Designated Approving
Authority (DAA), is instrumentally involved with the
DoD Information Technology Security Certification and
Accreditation Program (DITSCAP). The MCEN and its enclaves
are assessed to ensure compliance with all DoD IA metrics.
The MARFOR CND and MITNOC team enjoys a fully integrated
and mutually supporting relationship.
A number of personnel hold key billets in both
organizations simultaneously.
This arrangement facilitates greater speed in
decision-making and executing actions in response to
emerging threats.
These organizations located together at Quantico
serve as a center of excellence for enterprise network
operations, management, and most importantly - computer
network defense.
The MARFOR CND analyzes information available from Marine
Corps and national intelligence channels and works in
collaboration with MIDAS to develop and maintain an
intelligence perspective of the cyber battlefield.
Based on intelligence and analysis, the COMMARFOR
CND is able to rapidly direct specific defensive actions
taken across the MCEN to counter potential threats.
The Marine Corps' cyber warfare Observe, Orient,
Decide, and Act (OODA) Loop is short and responsive
as a result of centralized command and control of the
enterprise.
A third element within
our composite organizations is the Marine Intrusion
Detection and Analysis Section (MIDAS).
It is the Marine Corps Computer Incident Response
Team (CIRT) whose specific mission it is to identify
and respond to network security incidents, to include
leading Marine Corps efforts in combating malicious
code or viruses.
The MIDAS coordinates enterprise efforts around
the clock to identify the "real time" intrusion
detection "events." We employ a thorough 7-step taxonomy
including forensic analysis and correlation of historical
data. This
detailed process enables the Marine Corps to not only
identify amateur hackers with malicious intent but also
advanced potential adversaries such as state sponsored
attacks. This
information is reported to the JTF-CNO via the Joint
CERT Database (JCD) and the Joint Threat Database (JTD).
The Marine Corps exists to fight and win on the battlefield.
Therefore, our operating forces are equipped
with the same IA and CND capabilities for the tactical
and deployed environments as they have in the supporting
establishment.
The Marine Corps has fielded the Deployed Security
Interdiction Device (DSID).
The DSID consists of a suite of equipment that
includes the same CND technologies that are found at
our supporting establishment connection points to external
networks. DSIDs have been distributed throughout the Marine Corps and
provide our operating forces with a CND capability that
they can take with them to any corner of the globe.
The DSID proved its worth last year in support
of U.S. Support Group East Timor (USGET).
The DSID successfully provided computer network
defense for this joint service operation within USCINCPAC's
theater of operations.
The MITNOC is heavily involved with providing deployed CND
support to our operating forces.
This support includes dispatching MITNOC teams
to deployed locations to provide on-site assistance
throughout all phases of an exercise or real world operation.
MITNOC deployed support in the aggregate is focused
on provisioning end-to-end secure and reliable communications
operating under a common umbrella of computer network
defense.
As the Marine Corps migrates toward the Navy Marine Corps
Intranet (NMCI), the MITNOC and MARFOR CND are engaged
with Electronic Data Systems (EDS) and their Information
Strike Force (ISF) to ensure the existing end-to-end
capability is matched or exceeded under the NMCI concept
of operations.
The Marine Corps continues to build upon a
solid foundation of Information Assurance based on seven
principles supporting our enterprise approach for network
centric operations.
These include:
- A Robust Network Infrastructure
- Enterprise Information Technology Standards
- Enterprise Information Technology Policy
- Centralized Control of Information Technology Resource Acquisition
- System Administrator Training and End User Education
- Centralized Enterprise Network Management and Configuration Control
- Enterprise Defense-in-Depth Strategy
A Robust Network Infrastructure:
From the initial design of MCEN, security was our core
concern and remains vital as we continue to sustain
our global enterprise architecture.
As articulated herein, we have implemented aggressive
measures to employ state-of-the-art technologies representing
speed, integrity, and most importantly security of the
MCEN.
The Marine Corps takes a disciplined and enterprise approach
to provisioning and employing information technology.
This approach has resulted in our single, centrally
controlled and defended, global Marine Corps Enterprise
Network. Critical
to our success is effective policy and specific standards
coupled with a disciplined acquisition process.
From this, the Marine Corps gains economic efficiency
and a high degree of integration and system interoperability.
Enterprise Information Technology Policy: We strictly adhere
to the basic principle that in order for an information
technology structure to survive, particularly in terms of
Information Assurance, support from the highest levels of
leadership is paramount. We instill this philosophy
at all levels of the Marine Corps to ensure we are
setting the example through policy and procedures for
our Marines and Civilians to follow, no matter where
they are stationed.
Enterprise Information Technology Standards:
The CIO establishes service wide Information Technology
standards. The specific service standards ensure the
development of a homogenous IT environment.
This ensures DoD wide interoperability and provides
for commonality for acquisition, procurement economies
of scale, reduced training cost, and improved integration
and interoperability.
Centralized Control of Information Technology Resource Acquisition:
Leveraging the foundation provided by centralized standards,
the Marine Corps has continued its success of centralized
acquisition of all IT resources by a single entity.
Devices such as routers, servers, switches and
other network specific resources are centrally procured.
By controlling the process that acquires end-user
components, we continue to ensure strengthened end-to-end
configuration-control of our network.
This also achieves economies of scale in our procurement
as well as life cycle sustainment. This entire process
represents a key function for our enterprise
Information Assurance architecture.
System Administrator Training and End User Education:
The single most important element of any Information
Assurance program is the active role of each participant.
Our local system administrators as well as users
are continually reminded that they are critical participants
in the success of our IA program, and therefore receive
annual mandatory training as well as being participants
in computer network defense exercises.
The Marine Corps is also participating in the
Information Assurance Scholarship Program (IASP) as
an avenue to qualify Marines as Information Assurance
Technicians. Marines
are attending the Navy Network Systems Vulnerability
Technician class to attain the certification.
Quickly following our participation in the global
CND exercise "Positive Force" in April of this year,
real-world events caused a DOD wide INFOCON change.
In concert with this action, COMMARFOR-CND directed
additional MCEN wide CND measures to be implemented
throughout the Marine Corps.
Centralized Enterprise Network Management and Configuration Control:
The Marine Corps exercises centralized operational,
technical and configuration control of the 29 sites
that comprise MCEN.
To ensure consistency across the MCEN, we use
one set of standard DOD-compliant software tools for
all enterprise applications.
Our focus on the warfighter and commitment to
interoperability is further reflected in our acquisition
of long haul service solely from DISA.
This command and control approach to our enterprise network
will allow us to transition seamlessly to NMCI beginning
3rd quarter FY-02.
Enterprise Defense-in-Depth Strategy:
Our enterprise defense in depth strategy addresses
the assumed risk of the NIPRNET connecting with the
Internet. This is accomplished through a series of four
layers of defense in relation to the physical network.
The four layers combined create a defense in
depth that mitigates risk while enabling needed interconnectivity.
The first layer is our boundary defense, which
exists at each point where our MCEN connects to external
networks, such as the NIPRNET. I have spoken at length about this first layer.
The remaining layers of defense lie within the
MCEN itself. The
second layer provides protection between communities
of interest within a base level network.
Layer three addresses security concerns within
a single local area network.
The fourth and final layer encompasses end users
and individual computer workstations.
Although the Marine Corps has been engaged at
all four layers, the priority of effort was initially
focused on boundary defense.
With a mature boundary defense in place, we are
now shifting the focus to address internal network security
priorities. In
line with this focus, we have initiated a program to
field the Base Network Infrastructure Protection Suite
(BNIPS). BNIPS will place intrusion detection on key devices within
our internal network enclaves.
BNIPS monitoring consoles will provide commanders
with information regarding the nature of activity within
their local networks.
I will comment on the recent GAO report (01-0341)
of March 2001, that identified several Incident Response
Capability shortcomings and
discuss each of their four salient points.
PREVENTIVE ACTIVITIES: The Marine Corps response to JTF-CNO
issued Information Assurance Vulnerability Alerts (IAVA)
is a responsibility of the MARFOR-CND.
The Marine Corps has promulgated a service wide
procedure in which the MARFOR-CND acknowledges receipt
for any IAVAs from the JTF.
Then MARFOR CND, working closely with the MITNOC,
determines the technical challenges and requirements
of the particular IAVA before implementing any changes
upon the MCEN.
Once the IAVA has been completed, the MARFOR-CND employs
its organic resources to verify compliancy.
The MIDAS Vulnerability Assessment Assistance
Program (VAAP) team working with the Marine Web Risk
Assessment Cell (MWRAC) perform this IAVA verification
function. The
VAAP team consists of skilled analysts, utilizing automated
assessment tools to quickly and efficiently audit compliance
of each IAVA as they are applied upon the MCEN.
The MWRAC is comprised of Marine Corps Reservists
stationed around the country scanning our externally
accessible network devices for technical and operational
security compliance.
The MWRAC working in concert with the VAAP constitutes
an encompassing review mechanism to ensure all aspects.
DETECTION ACTIVITIES: The MIDAS monitors network traffic continually between MCEN
and the Defense Information Infrastructure (DII) for
network intrusions, incidents, and anomalies and provides
appropriate impact assessment and response in real time.
The MIDAS acts as the MCEN malicious code reaction
cell as well as serving as a centralized network vulnerability
assessment center.
The MIDAS also strives to maintain a network
incident and forensics team capable of assisting major
subordinate commands within 24 hours with on-site support
and forensics capability when required.
INVESTIGATIVE AND DIAGNOSTIC ACTIVITIES: The MARFOR-CND has
law enforcement/counterintelligence support
from the Naval Criminal Investigative Service (NCIS)
on the staff.
As 'incidents' are captured by MIDAS, NCIS is
responsible for conducting criminal and counterintelligence
investigations as well as coordinating involvement of
other law enforcement agencies.
NCIS has the authority to conduct investigations
into all matters warranted by this evidence or requested
by COMMARFOR-CND.
EVENT HANDLING AND RESPONSE ACTIVITIES:
As MIDAS identifies events, our taxonomy process distinguishes
the event from system malfunctions, unintentional configuration
errors, and actual malicious activity.
From this point, working with the MARFOR-CND,
the categorized 'incident' is weighed against technical,
operational and intelligence assessments within the
confines of the Joint CERT database (JCD) where DOD
incident information is maintained.
Working with the MITNOC, the MARFOR-CND directs
the Marine Corps CND response in order to restore the
functionality of the MCEN with a minimum of disruption.
In those instances in which incidents cross service
boundaries, the MARFOR-CND coordinates with the JTF-CNO,
as well as other service CERTs to implement DOD wide
defensive measures.
CLOSING:
We have made great strides in the execution of our Information
Assurance Program.
The "pearl" of those accomplishments is the Marine
Corps' computer network defense capability.
Information Assurance, however, is a journey,
not a destination, and to that end, our journey continues.
As outlined in our Marine Corps C4 Campaign Plan,
the focus of the next "leg" of our journey is the following:
- Foster a strong Marine component relationship in support of Joint Task Force Computer Network Operations (JTF-CNO)
- Ensure optimum entry-level and sustaining IA training for all personnel including the creation or modification of occupational specialty
- Implement effective user/system administrator training and certification
- Employ a Key Management Infrastructure (KMI) that provides a single interface for the secure creation, distribution, and management of the cryptographic solutions implementing CND
- Employ a Public Key Infrastructure (PKI) that incorporates public key certificates and public key-enabled applications
- Field Smart Card Technology (SCT) to enhance the accuracy and security of business processes, electronic transactions and computer networks
- Implement a Critical Infrastructure Protection (CIP) program to ensure the availability of USMC C4 systems and assets that support MAGTF mobilization, deployment, and sustainment
- Refine Continuity of Operations Plans (COOP) to ensure the continuity of automated processes and information-based operations
In a networked world, "A risk assumed by one is a risk assumed by all."
I would like to extend an invitation to you and your staff
to visit our MITNOC and CND facility at Quantico, Virginia
at your earliest convenience.
Thank you for the opportunity to address the
committee on this important topic.