GENERAL ROBERT M. SHEA
DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS
HEADQUARTERS, UNITED STATES MARINE CORPS
ON 17 MAY 2001
Chairman and distinguished members of the committee,
I am Brigadier General Robert Shea, the Marine Corps
Director of the Command, Control, Communications and
Computers Department. Thank you for this opportunity to appear before the committee
to discuss how the Marine Corps is meeting the significant
challenge of Information Assurance. Today, I plan to
provide you an overview of the Marine Corps Information
Assurance program and the success we have achieved in
fortifying our defense
of the enterprise computer network.
Assurance supports expeditionary maneuver warfare extending
from the Operating Forces to the Supporting Establishment.
Information Assurance ensures the end-to-end
capability to deliver secure information at the right
time, to the right place, and in a useable format, allowing
commanders to exercise command and coordination, regardless
of proximity to their assigned forces.
To support Marine Corps Strategy 21 and our Marine
Air-Ground Task Force (MAGTF) command and control needs,
C4 systems must integrate Information Assurance capabilities
to satisfy a number of challenging threats and environments. Commanders, regardless of their location, must have the ability
to securely and rapidly access and transfer voice, data,
video and imagery information.
concert with the development of new DoD IA policy, we
are revising directives that govern the Marine Corps
IA program and attendant responsibilities for protecting
critical processes that depend on information technologies.
In addition to implementing DoD directives, the
intent of our evolving policy is as follows:
require an IA capability that supports a robust
infrastructure-wide defense in depth
specify IA duties and requisite training for
IA personnel (Designated Approving Authority, System
Administrator, Information Systems Security Manager,
and Information Systems Security Officer)
use web technology to the greatest extent possible
in support of training, especially the delivery of annual
IA awareness training
delineate the IA responsibilities for Marine
Corps Commands and Directorates
validate IA operational requirements and ensure
they are incorporated into all our architectures and
develop appropriate Military Occupational Specialty
(MOS) Individual Training Standards (ITS) that encompass
validated IA requirements
Marine Corps' specific objective for achieving Information
Assurance is to employ state-of-the-art technology,
provide awareness training to all users, and to deploy
computer network defense tools across the enterprise.
This is achieved by deploying a defense in depth
strategy integrating the capabilities of people, sound
procedures, and technology to achieve strong effective,
multi-layer and multi-dimensional protection.
The goals of the Marine Corps Information Assurance
program include confidentiality, integrity, availability,
authentication, and non-repudiation of information transported
along the Marine Corps Enterprise Network (MCEN).
This is achieved through the efforts and policy
included in the Marine Corps computer network defense
Marine Corps Enterprise Network provides worldwide connectivity
of both classified and unclassified networked communications
to every Marine Corps Command, both in the supporting
establishment and deployed.
It is one network. The MCEN represents the result of comprehensive planning, engineering,
and provisioning of "long haul" circuits using
the Defense Information Systems Network (DISN) as the
Marine Corps' single service provider.
The enterprise itself is the product of centralized
management of each connection point between a Marine
Corps installation's internal network and any external
network, referred to as a Point of Presence (POP).
Each POP provides stringent security to defend
against external and internal threats and to manage
the flow of electronic information across the Marine
Marine Corps' Information Technology Network Operations
Center (MITNOC), located aboard MCB Quantico, Virginia
Marine Corps' enterprise Network Operations Center.
is the nerve center for the central operational direction
and configuration management of our enterprise network.
Collocated with the Marine Corps Forces Computer
Network Defense (MARFOR CND), our component to the Joint
Task Force for Computer Network Operations (JTF-CNO),
and the Marine Corps' Computer Incident Response Team
(CIRT), known as the Marine Intrusion Detection Analysis
Section (MIDAS), this synergistic relationship provides
a strong framework for integrated network management
to network management provides network wide solutions
for Marine Corps portion of the Global Information Grid.
centralized control of each connection point
between the MCEN and external networks, such as the
network connection contains a suite of equipment that
enables connectivity and provides security to defend
against malicious activity or unauthorized access.
MCEN uses the "best-of-breed" of information
assurance technologies to produce a fully integrated
network boundary defense.
MCEN incorporates filtering routers, firewalls,
network intrusion detection and virtual private network
significantly reduces the risk associated with targets
of opportunity for today's cyber adversaries.
The MITNOC, as the MCEN Designated Approving
Authority (DAA), is instrumentally involved with the
DoD Information Technology Security Certification and
Accreditation Program (DITSCAP). The MCEN and its enclaves
are assessed to ensure compliance with all DoD IA metrics.
MARFOR CND and MITNOC team enjoys a fully integrated
and mutually supporting relationship.
A number of personnel hold key billets in both
This arrangement facilitates greater speed in
decision-making and executing actions in response to
These organizations located together at Quantico
serve as a center of excellence for enterprise network
operations, management, and most importantly - computer
MARFOR CND analyzes information available from Marine
Corps and national intelligence channels and works in
collaboration with MIDAS to develop and maintain an
intelligence perspective of the cyber battlefield.
Based on intelligence and analysis, the COMMARFOR
CND is able to rapidly direct specific defensive actions
taken across the MCEN to counter potential threats.
The Marine Corps' cyber warfare Observe, Orient,
Decide, and Act (OODA) Loop is short and responsive
as a result of centralized command and control of the
A third element within
our composite organizations is the Marine Intrusion
Detection and Analysis Section (MIDAS).
It is the Marine Corps Computer Incident Response
Team (CIRT) whose specific mission it is to identify
and respond to network security incidents, to include
leading Marine Corps efforts in combating malicious
code or viruses.
The MIDAS coordinates enterprise efforts around
the clock to identify the "real time" intrusion
detection "events." We employ a thorough 7-step taxonomy
including forensic analysis and correlation of historical
detailed process enables the Marine Corps to not only
identify amateur hackers with malicious intent but also
advanced potential adversaries such as state sponsored
information is reported to the JTF-CNO via the Joint
CERT Database (JCD) and the Joint Threat Database (JTD).
Marine Corps exists to fight and win on the battlefield.
Therefore, our operating forces are equipped
with the same IA and CND capabilities for the tactical
and deployed environments as they have in the supporting
The Marine Corps has fielded the Deployed Security
Interdiction Device (DSID).
The DSID consists of a suite of equipment that
includes the same CND technologies that are found at
our supporting establishment connection points to external
networks. DSIDs have been distributed throughout the Marine Corps and
provide our operating forces with a CND capability that
they can take with them to any corner of the globe.
The DSID proved its worth last year in support
of U.S. Support Group East Timor (USGET).
The DSID successfully provided computer network
defense for this joint service operation within USCINCPAC's
theater of operations.
MITNOC is heavily involved with providing deployed CND
support to our operating forces.
This support includes dispatching MITNOC teams
to deployed locations to provide on-site assistance
throughout all phases of an exercise or real world operation.
MITNOC deployed support in the aggregate is focused
on provisioning end-to-end secure and reliable communications
operating under a common umbrella of computer network
the Marine Corps migrates toward the Navy Marine Corps
Intranet (NMCI), the MITNOC and MARFOR CND are engaged
with Electronic Data Systems (EDS) and their Information
Strike Force (ISF) to ensure the existing end-to-end
capability is matched or exceeded under the NMCI concept
The Marine Corps continues to build upon a
solid foundation of Information Assurance based on seven
principles supporting our enterprise approach for network
Robust Network Infrastructure
Information Technology Standards'
Information Technology Policy
Control of Information Technology Resource Acquisition
Administrator Training and End User Education
Enterprise Network Management and Configuration
Robust Network Infrastructure:
From the initial design of MCEN, security was our core
concern and remains vital as we continue to sustain
our global enterprise architecture.
As articulated herein, we have implemented aggressive
measures to employ state-of-the-art technologies representing
speed, integrity, and most importantly security of the
Marine Corps takes a disciplined and enterprise approach
to provisioning and employing information technology.
This approach has resulted in our single, centrally
controlled and defended, global Marine Corps Enterprise
to our success is effective policy and specific standards
coupled with a disciplined acquisition process.
From this, the Marine Corps gains economic efficiency
and a high degree of integration and system interoperability.
Information Technology Policy: We strictly adhere to the basic principle that in order
for an information technology structure to survive,
particularly in terms of Information Assurance, support
from the highest levels of leadership is paramount.
We instill this philosophy
at all levels of the Marine Corps to ensure we are
setting the example through policy and procedures for
our Marines and Civilians to follow, no matter where
they are stationed.
Information Technology Standards:
The CIO establishes service wide Information Technology
specific service standards insure the development of
a homogenous IT environment.
This insures DoD wide interoperability and provides
for commonality for acquisition, procurement economies
of scale, reduced training cost, and improved integration
Control of Information Technology Resource Acquisition:
Leveraging the foundation provided by centralized standards,
the Marine Corps has continued its success of centralized
acquisition of all IT resources by a single entity.
Devices such as routers, servers, switches and
other network specific resources are
By controlling the process that acquires end-user
components, we continue to ensure strengthened end-to-end
configuration-control of our network.
also achieves economies of scale in our procurement
as well as life cycle sustainment. This
entire process represents a key function for our enterprise
Information Assurance architecture.
Administrator Training and End User Education: The single most important element of any Information
Assurance program is the active role of each participant.
Our local system administrators as well as users
are continually reminded that they are critical participants
in the success of our IA program, and therefore receive
annual mandatory training as well as being participants
in computer network defense exercises.
The Marine Corps is also participating in the
Information Assurance Scholarship Program (IASP) as
an avenue to qualify Marines as Information Assurance
are attending the Navy Network Systems Vulnerability
Technician class to attain the certification.
Quickly following our participation in the global
CND exercise "Positive Force" in April of this year,
real-world events caused a DOD wide INFOCON change.
In concert with this action, COMMARFOR-CND directed
additional MCEN wide CND measures to be implemented
throughout the Marine Corps.
Enterprise Network Management and Configuration Control:
The Marine Corps exercises centralized operational,
technical and configuration control of the 29 sites
that comprise MCEN.
To ensure consistency across the MCEN, we use
one set of standard DOD-compliant software tools for
all enterprise applications.
Our focus on the warfighter and commitment to
interoperability is further reflected in our acquisition
of long haul service solely from DISA.
command and control approach to our enterprise network
will allow us to transition seamlessly to NMCI beginning
3rd quarter FY-02.
Our enterprise defense in depth strategy addresses
the assumed risk of the NIPRNET connecting with the
is accomplished through a series of four layers of defense
in relation to the physical network.
The four layers combined create a defense in
depth that mitigates risk while enabling needed interconnectivity.
The first layer is our boundary defense, which
exists at each point where our MCEN connects to external
networks, such as the NIPRNET. I have spoken at length about this first layer.
The remaining layers of defense lie within the
MCEN itself. The
second layer provides protection between communities
of interest within a base level network.
Layer three addresses security concerns within
a single local area network.
The fourth and final layer encompasses end users
and individual computer workstations.
Although the Marine Corps has been engaged at
all four layers, the priority of effort was initially
focused on boundary defense.
With a mature boundary defense in place, we are
now shifting the focus to address internal network security
line with this focus, we have initiated a program to
field the Base Network Infrastructure Protection Suite
(BNIPS). BNIPS will place intrusion detection on key devices within
our internal network enclaves.
BNIPS monitoring consoles will provide commanders
with information regarding the nature of activity within
their local networks.
I will comment on the recent GAO report (01-0341)
of March 2001, that identified several Incident Response
Capability shortcomings and
discuss each of their four salient points.
ACTIVITIES; The Marine Corps response to JTF-CNO
issued Information Assurance Vulnerability Alerts (IAVA)
is a responsibility of the MARFOR-CND.
The Marine Corps has promulgated a service wide
procedure in which the MARFOR-CND acknowledges receipt
for any IAVA's from the JTF.
Then MARFOR CND, working closely with the MITNOC,
determines the technical challenges and requirements
of the particular IAVA before implementing any changes
upon the MCEN.
the IAVA has been completed, the MARFOR-CND employs
its organic resources to verify compliancy.
The MIDAS Vulnerability Assessment Assistance
Program (VAAP) team working with the Marine Web Risk
Assessment Cell (MWRAC) perform this IAVA verification
VAAP team consists of skilled analysts, utilizing automated
assessment tools to quickly and efficiently audit compliance
of each IAVA as they are applied upon the MCEN.
The MWRAC is comprised of Marine Corps Reservists
stationed around the country scanning our externally
accessible network devices for technical and operational
The MWRAC working in concert with the VAAP constitutes
an encompassing review mechanism to ensure all aspects.
ACTIVITIES: The MIDAS monitors network traffic continually between MCEN
and the Defense Information Infrastructure (DII) for
network intrusions, incidents, and anomalies and provides
appropriate impact assessment and response in real time.
The MIDAS acts as the MCEN malicious code reaction
cell as well as serving as a centralized network vulnerability
The MIDAS also strives to maintain a network
incident and forensics team capable of assisting major
subordinate commands within 24 hours with on-site support
and forensics capability when required.
AND DIAGNOSTIC ACTIVITIES: The MARFOR-CND has law enforcement/counterintelligence support
from the Naval Criminal Investigative Service (NCIS)
on the staff.
As 'incidents'are captured by MIDAS, NCIS is
responsible for conducting criminal and counterintelligence
investigations as well as coordinating involvement of
other law enforcement agencies.
NCIS has the authority to conduct investigations
into all matters warranted by this evidence or requested
HANDLING AND RESPONSE ACTIVITIES:
identifies events, our taxonomy process distinguishes
the event from system malfunctions, unintentional configuration
errors, and actual malicious activity.
From this point, working with the MARFOR-CND,
the categorized 'incident' is weighed against technical,
operational and intelligence assessments within the
confines of the Joint CERT database (JCD) where DOD
incident information is maintained.
Working with the MITNOC, the MARFOR-CND directs
the Marine Corps CND response in order to restore the
functionality of the MCEN with a minimum of disruption.
In those instances in which incidents cross service
boundaries, the MARFOR-CND coordinates with the JTF-CNO,
as well as other service CERTs to implement DOD wide
We have made great strides in the execution of our Information
The "pearl" of those accomplishments is the Marine
Corps' computer network defense capability.
Information Assurance, however, is a journey,
not a destination, and to that end, our journey continues.
As outlined in our Marine Corps C4 Campaign Plan,
the focus of the next "leg" of our journey is the following:
a strong Marine component relationship in support of
Joint Task Force Computer Network Operations (JTF-CNO)
optimum entry-level and sustaining IA training for
all personnel including the creation or modification
of occupational specialty
effective user/system administrator training and
a Key Management Infrastructure (KMI) that provides
a single interface for the secure creation, distribution,
and management of the cryptographic solutions implementing
a Public Key Infrastructure (PKI) that incorporates
public key certificates and public key-enabled applications
Smart Card Technology (SCT) to enhance the accuracy
and security of business processes, electronic transactions
and computer networks
a Critical Infrastructure Protection (CIP) program
to ensure the availability of USMC C4 systems and
assets that support MAGTF mobilization, deployment,
Continuity of Operations Plans (COOP) to ensure
the continuity of automated processes and information-based
a networked world, " A risk assumed by one is a risk assumed by all"
would like to extend an invitation to you and your staff
to visit our MITNOC and CND facility at Quantico, Virginia
at your earliest convenience.
Thank you for the opportunity to address the
committee on this important topic.