Marine Corps CIO seeks to cordon off network
The uniqueness of the Marine Corps network and the threat of adversaries manipulating data require the Corps to segment parts of its network to make it more defensible, CIO Dennis Crall said.
When it comes to warfighting data, the Marine Corps has all its eggs in one basket. Having a single network entails particular risks, especially when it comes to data manipulation. Marine Corps CIO Brig. Gen. Dennis Crall said the solution is to fortify the network via compartmentalization.
"The Marine Corps is the only service that has one warfighting network," Crall said, in reference to classified SIPRNet. "For all the advantages that I have with a single network of defense come the vulnerabilities associated" with having one warfighting network.
Segmenting the network into enclaves of more secure data is the way to mitigate that risk, he said at a Nov. 13 luncheon hosted by AFCEA's Northern Virginia chapter.
Crall took over in July for Brig. Gen. Kevin Nally as the Corps' top IT official. Nally had stressed the need to collapse Marine Corps networks to save money and bolster security.
By his own account, Crall has his work cut out for him. He echoed a line from current and former Defense Department officials about data manipulation being a new front in cyberwar.
Adversaries seek "to manipulate the information that we see so it's hard to determine the integrity of that," Crall said. "That is the most dangerous course of action because when you're looking at position, navigation and timing, for example, can you really trust the GPS coordinates that you're given?"
In the past several months, Marine Corps leaders have made tackling cyberspace a priority. In January, Gen. Joseph Dunford, who was then the Corps' commandant and is now chairman of the Joint Chiefs of Staff, issued guidance that emphasized understanding cyberspace as increasingly critical to the Marine Air-Ground Task Force.
A debate among top brass over network security spilled into the open in May when Col. Gregory Breazile, director of the Corps' C2/Cyber and Electronic Warfare Integration Division, said the Marine Corps network was a "mess" shortly after transitioning from the privately operated Navy Marine Corps Intranet. Breazile predicted it would take "many years, unfortunately, to clean it up because it's not a standardized network."
That characterization incensed Nally, who responded by saying, "I have never had a commander call me and complain about the network."
Crall told FCW that, challenges notwithstanding, the Corps was making progress in securing its network.
The Wild West of apps
One key area of concern for Crall is how the Corps stores and recalls data.
"Today we're operating in a level of degradation because our systems cannot possibly receive, process, distribute and store the vast amount of information that is coming into it now," he said at the AFCEA luncheon.
Some of the service's data centers are aging to the point that "we're not able to do the mission that we need to given the resources that we have," he added.
He described application development at the Marine Corps as the Wild West, with apps being developed to different standards. Deputy CIO Ken Bible is preparing a developer's toolkit that will help establish standards for applications, Crall added.
Another remedy he sees for the applications challenge is a Marine Corps IT center in Kansas City that he described as "tremendously capable and grossly underutilized."
That facility could be a way station for examining application standards, reformatting software and making sure it's scalable and capable of being deployed to Marines the world over, Crall said.