Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars     Apps     EBooks
   AFCEA logo
 

Cybersecurity, Marine Corps Style

March 2012
By Rita Boland, SIGNAL Magazine
E-mail About the Author

 

Marines in Afghanistan radio their patrol’s security element and observe a reconnaissance robot’s camera feed on a laptop. Cybersecurity professionals around the Marine Corps strive to ensure the confidentiality, availability and integrity of the information provided through Marines’ networks at all times in all locations.

From insider threats to cyberwar, experts aim to maintain the confidentiality, availability and integrity of information.

U.S. Marines are tasked with battling enemies in any environment or domain and increasingly that location is cyberspace. Information assurance officials around the Corps are striving to ensure the reliability and trustworthiness of the service’s systems, and though they are aware of the potential for attack from the outside, misuse from the inside is a more prevalent concern.

Organizations leading the protection of Marine networks are divided into geographic regions representative of the rest of the Corps. Marine Corps Installations East (MCIEAST) Cyber Security Division personnel manage locations on the East Coast of the United States, including Marine Corps Base Quantico and Camp Lejeune, home of II Marine Expeditionary Force (MEF). Cybersecurity personnel in Marine Corps Installations West (MCIWEST) handle facilities on the West Coast, including Camp Pendleton, home of I MEF. The Cyber Security Section of Marine Corps Installations Pacific (MCIPAC) manages the cybersecurity for Marine bases in Korea, mainland Japan, Hawaii and Okinawa, encompassing III MEF. Though all three units follow the same rules and regulations, providing standards across the entire Marine Corps, they identify some different problems and disaster scenarios.

Carolyn Harrison, director of the MCIEAST Cyber Security Division and cybersecurity manager, explains that her organization classifies internal dangers as the biggest threat to ensuring network viability. This includes users falling for phishing schemes and chain emails, visiting hazardous websites or plugging unauthorized devices into computers connected to the network. Experts monitor the networks at all times to try to prevent potential problems caused by these activities, and they also offer ongoing training in an attempt to educate users about the dangers of unsafe network behavior. Unfortunately, even with all those efforts, systems users still fail to follow protocols. She says the most common attacks come from email and malware attempts where someone downloads malware that then filters through the networks.

Harrison wants Marines and others who use the Corps’ networks to acquire the proper training and then follow it. She also wants them “to be more active to help us help them.” She urges users not to plug BlackBerrys, iPods, MP3s or any other devices into their computers and not to install any unauthorized software. Even more simply, they can run patches when prompted. “If you see the shield, install the patch,” Harrison states. In most cases, all users have to do is shut down their machines at the end of every day, which will result in an automatic installation of security measures. “If they allow that to happen, that’s 90 percent of the battle,” she explains.

In certain cases, users actively attempt to cause problems, approaching circumvention of security as a challenge or a badge of accomplishment. Harrison says all online activity is like a video game to them, but their choices can cause serious damage. “I would hope they realize that if something is blocked, it’s for a good reason,” she states. These offenders may be surprised by the number of tools the Cyber Security Division has to counter their activities. Personnel can monitor all activity live. They know when an unauthorized device is connected to a machine, but Harrison says what really surprises network users is when her people can tell them the make and model of their cell phone.

At times, rule violators believe they got away with their behavior if cybersecurity officials did not contact them immediately. Harrison explains that if 1,000 people perform the same illicit action, and her office can  take action on only 20 of them, the others think no one noticed what they did. “We just didn’t get to them that day,” she says. “We have it in a database.” Officials are able to collect a history of offenders and their actions. Harrison urges network users to remember that a risk to one is a risk to all; and that by employing hardware and software correctly, avoiding social engineering attempts and following physical security procedures, much can be accomplished to ensure that systems perform correctly.

The Cyber Security Division also has to deal with growing amounts of other threats. As the numbers of people and devices with Internet connectivity increase, so do the possibilities for unauthorized access into Marine Corps networks. Harrison explains that outside adversaries constantly are trying to gain access, searching to find ways into the networks. While cybersecurity professionals put tools in place to detect intruders, Harrison says everyone has to take an active part in defending the network.

 

Connecting devices such as thumb drives and smartphones to a computer is one way government systems can contract malware. Marine Corps cybersecurity professionals conduct training to educate system users about the dangers inherent in hooking up unauthorized devices to computers tied into Marine networks, and they monitor the networks for such security breaches.

Adding to the challenge is the ever-changing nature of cyberdangers. Information assurance professionals have to remain current on enemy tactics because new vulnerabilities are introduced regularly. Harrison says threats never reduce in number; adversaries may switch methods—such as sending fewer chain emails—but they move on to new ploys for which there are no known fixes. She describes attacks as becoming more advanced and more difficult to detect.

With II MEF deployed to Afghanistan since early last year, her office has the additional responsibility of ensuring that they have the technology and support they need. Harrison’s division must provide protection on different levels to ensure networks remain available. However, problems are not unique to East Coast installations or even to the Marine Corps. Harrison says that the U.S. Defense Department as a whole is under cyber attack.

She further explains that her organization’s role is to ensure the confidentiality, integrity and availability of all data on the network, and that her ultimate disaster scenario would be the loss of those factors. Users need to know that the right information reaches the right people, that it will be available when needed and that it has not been changed or altered. A compromise to any of that would eliminate credibility and confidence in the ability to provide warfighters what they require, Harrison explains.

Over on the other side of the country, David Robbins, cyber security manager for MCIWEST, concurs with Harrison’s assessment of threats and disasters. He says that, “Insider threats have always presented the biggest threats to the network. Policies, procedures and training help to mitigate risks and manage the threat.” His organization most frequently resolves target vulnerabilities occurring from misconfigured systems and unprotected (unpatched) assets. Cybersecurity personnel spend much of their time verifying that systems remain compliant with approved certification and accreditation configurations. In addition, “Scanning for vulnerability status requires constant monitoring and vigilance,” Robbins says.

His nightmare scenario aligns with Harrison’s. He states, “An attack that has any detrimental impact or affects the confidentiality, integrity, timeliness and/or availability of information to the commander that may have an impact on command and control is of the greatest concern.”

Though Robbins does not know of a recent review of the latest studies on network attack trends, he says there seems to be an approximately 10 to 15 percent annual increase in vulnerability alerts and therefore patch requirements. He attributes that increase to five reasons: inexpensive means with which to mount an attack or
exploitation attempt; notoriety within the cyberterrorist community; commercial software vulnerabilities; special interest or political gain; and disruption of operations.

Despite all the dangers, Robbins says that networks can remain safe and reliable with the support of a balanced and flexible defense-in-depth approach by having a professional cyberdefense work force, state-of-the-art hardware and software and support of information technology governance. “Further, network users are on the front line and thus a key component in the defense-in-depth approach to network security,” Robbins explains. Users can aid the cybersecurity battle by adhering to sound computing safeguards and practices, by complying with Defense Department, Navy and Marine Corps cybersecurity training and regulations, and by immediately reporting any real or perceived computer or network abnormality.

“Our communications and information systems are in fact weapons systems and force multipliers,” Robbins explains. “They demand the very best of us all to best support the warfighter and his or her mission. Cybersecurity is everyone’s duty and responsibility.”

On the other side of the globe, Michael Miglionico, cybersecurity manager for MCIPAC’s Cyber Security Section, says that even though all the posts for which his team has responsibility sit outside the contiguous United States (OCONUS), there are no differentiating operations of the network. “All bases, posts and stations must adhere to the same governing policies and directives for maintaining networks,” he explains. “However, being OCONUS brings other aspects of security into account, such as a heightened physical security posture.”

Miglionico differs from his counterparts on what he views as the “keep you up at night” scenario. He describes it as “a full-out cyberwar between nations. There are nations out there that want our data or to disrupt the stream of data. Unfortunately, no one knows the full capability of these nations because such a war has not been conducted yet. When and if a cyberwar is initiated, these attacks will happen in seconds because of the speed of networks in today’s world. Responding to them will require a huge effort to thwart [the threats] and protect our networks. Having a cyberwar would also be costly if we cannot get the information to where it is needed for the warfighter.”

On a more everyday level, the threat to military networks is still complex, covering a broad spectrum of potential sources such as hackers, disgruntled insiders and terrorists as well as foreign intelligence activities. Here, Miglionico’s concerns align with Harrison and Robbins. “We must ensure these threats do not disrupt the confidentially, integrity and availability of information to the warfighter,” he says. “Getting the correct information to right person in a timely matter will enhance our information warfare superiority. All of these threats can be exacerbated by careless or poor security practices by network users, so training is an intricate part of mitigating these threats.”

Miglionico says viruses are a common concern, and MCIPAC cybersecurity personnel use antivirus protection along with user education to combat them. Raising awareness of potential email scams, fake antiviruses, phishing attacks and social networking scams will curb these types of attacks, he explains.

WEB RESOURCES
I MEF: www.i-mef.usmc.mil
II MEF: www.iimef.marines.mil
III MEF: www.marines.mil/unit/mcbjapan