Cyber specialists study computer data while on the job. The Marine Corps is placing a greater focus on cyber warriors as Marine Corps Forces Cyber Command prepares to double or triple its manpower over the next few years. (Senior Airman Brett Clashman / Air Force)
COLUMBIA, Md. — Buried in an unmarked office, within a nondescript business park just miles from Fort Meade and the National Security Agency, resides what is perhaps the Marine Corps’ most secretive organization.
Today, Marine Corps Forces Cyber Command is three years old. Based here in the national capital region, it consists of slightly more than 100 personnel. But rapid, substantial growth is coming as demand for cyberwarfare skills — both offensive and defensive — assumes greater precedence in the nation’s security strategy. For Marines, that means opportunity.
In March, Marine Corps Times was granted rare access to MARFORCYBER’s command post to interview the organization’s chief of staff, Col. Mark Butler, a career aviator turned cyber warrior. The missions conducted here are sensitive, to say the least, meaning outsiders coming in must follow strict protocols — far more stringent than those in place for journalists seeking access to senior leaders at the Pentagon.
Passing through an unmarked door, into what could have been the lobby outside any corporate office in America, a Marine escort laid out the ground rules: no cameras, no phones, no recorders. Just a pencil and paper would be allowed inside the SCIF, or Sensitive Compartmented Information Facility, where MARFORCYBER handles top-secret information.
Don’t be alarmed, the escort said, explaining he would yell out to those inside that a noncleared individual was entering the facility. There shouldn’t be any sensitive information on display, he said, but if there was, it would prompt a debrief and nondisclosure statements.
Passing through a second door, this one heavily fortified, a blue light whirled overhead until the entrance was secure again. Inside, no one wore thick-framed glasses or pocket protectors. The colonel and the rest of his Marines wore MARPAT and looked as though they’d be just as happy humping 75 pounds of kit. These Marines may be based in a fluorescent-lit office far from heat, grime and bullets, but they are waging war with real consequences.
Welcome to Cyber Command.
Staff NCOs, officers wanted
At a time when Congress and the Defense Department are slashing budgets and personnel, Butler sees his organization playing a crucial role on future battlefields. In the near term, MARFORCYBER is poised to double or triple its manpower, he said, indicating that soon, the command could offer the sorts of bonuses and retention incentives common in the Corps’ other hot career fields. During congressional testimony in late 2010, Lt. Gen. George Flynn, then the deputy commandant for combat development and integration, told lawmakers the Corps’ cyber capacity could one day reach 800 personnel.
There is no military occupational specialty, rank or qualification that will lead a Marine to MARFORCYBER, which falls under the joint U.S. Cyber Command. The 02 intelligence, 06 communications, and 26 signals intelligence/ground electronic warfare occupational fields are most often the straightest path into a cyber billet, Butler said. But that could change. By rank, the command is looking for officers and staff noncommissioned officers, but not exclusively.
A formal selection process and training pipeline are in development, he said, likening MARFORCYBER’s recruiting effort to that used by special operations forces. The command screens candidates for potential. It’s not looking for Marines who already posses cyber skills, but rather Marines who demonstrate a natural understanding of technology — individuals who can be molded, he said.
Once Marines are selected, training length depends on the job. “On-net” Marines who conduct cyber operations undergo six months of specialized training plus an 18-month apprenticeship, according to Lt. Col. Jeffrey P. Lipson, the command’s spokesman. It takes two years in all.
Those who are determined to join can improve their chances by reading books about computer technology. Earning certificates as a network administrator or a certified ethical hacker also could help, Butler said.
Job security, cash incentives
While some in Washington have voiced concern that growth in cyber operations is imperiled by future budget cuts, experts say if any corner of defense spending is likely to be spared, it is U.S. Cyber Command. In October, Lt. Gen. Richard P. Mills, the current deputy commandant for combat development and integration, said growth will come “at the expense of other organizations because manpower is a finite resource.”
Indeed, manning could be a challenge as the Corps reduces its active-duty force by 20,000 through 2016. But money should continue to flow, said Trey Herr, a fellow at George Washington University’s Cybersecurity Policy Research Institute.
“Cyber is hot right now,” he said. “This is as much a function of military requirements as congressional intention, but it is probably the safest bet in the defense budget to grow or at least remain static.”
Cyber threats are here to stay and defensive capabilities must continue to be developed, said Paul Rosenzweig, founder of Red Branch Consulting, who advises The Chertoff Group, a security and risk-management company founded by former Homeland Security Secretary Michael Chertoff. “I don’t think anybody will ever go to war again without cyber warriors,” he said. “Going to war without cyber warriors would be like going to war without artillery backup or close-air support. You can do it, but you wouldn’t want to.”
For those who make the cut, there is likely to be a large reward. Although there are no monetary incentives unique to MARFORCYBER yet, that will change, Butler said. Too frequently, cyber Marines are lured out of uniform by six-figure salaries common for this type of work in the private sector, where companies are seeking help to defend their networks against foreign and domestic hacking attacks. Banks, petrochemical companies, defense contractors and even Coca-Cola have been targeted.
To help ease the churn, the Corps soon may institute incentives for cyber Marines comparable to those previously enjoyed by pilots. Those could include tens of thousands of dollars to re-enlist and thousands more each year to remain qualified in the cyber field. But like pilots, those who might enjoy future financial incentives at MARFORCYBER also may have longer commitments — perhaps six years — meant to offset the amount of time and money the Marines Corps dedicates to making them battle ready.
As the command continues to develop formal requirements, cyber Marines should find healthy opportunities to climb the ranks while spending most, if not all, of their career at MARFORCYBER. In his 2010 remarks to Congress, Flynn explained that one challenge facing the Corps in this arena will be providing Marines a “comprehensive roadmap for training and career development.”
To provide a clear career path and the opportunity for advancement without leaving the command, Herr suggests creating a series of new MOSs. The unmanned aerial vehicle community faced a similar retention problem: By the time Marines acquired institutional knowledge and on-the-job experience, they had to move on to ensure they remained competitive for promotion. Marine leaders solved the problem by creating the 7315 Mission Commander primary MOS. It’s unclear if MARFORCYBER will do the same, but it is an option for leaders focused on keeping these Marines.
And when cyber Marines decide to leave the Corps, they’ll have highly marketable skills for which civilian companies will pay top dollar. A search of Marine Corps Times’ online civilian jobs database, http://www.marinecorpstimes.com/jobs, reveals dozens of current openings throughout the country — jobs that can pay well over $100,000 a year, according to the U.S. Bureau of Labor Statistics.
Missions at home and abroad
MARFORCYBER is tasked with protecting the Marine Corps’ networks from attacks and supporting operational forces. They do that by providing commanders with electronic intelligence and attacking enemy networks to limit their ability to communicate, collect information and maneuver — all while defending their own.
In many cases, cyber Marines carry out such missions from Maryland, where they’re able to reach out to nearly any corner of the globe via the cyber domain. However, others do deploy with fleet forces. Cyber Marines have gone overseas in support of operations in Afghanistan and are slated for a deployment with the 31st MEU out of Japan, Lipson said.
Key to understanding what cyber Marines do requires first divorcing Hollywood from reality. Scenarios of dams collapsing, entire swaths of the country plunged into darkness and oil rigs exploding are a bit of a stretch, say cybersecurity experts. Most cyber attacks result in theft of information, whether it’s financial data, corporate trade secrets or state secrets, Rosenzweig said.
In 2011 and 2012, one such Chinese-based cyber attack targeted Defense Department Common Access Cards. The cyber weapon would infect a user’s computer when they unwittingly opened a PDF email attachment disguised as official military or government communications. Once it took hold, the virus could log key strokes to obtain personal information or access codes. It’s a cyber Marine’s job to identify those vulnerabilities and guard against them.
Regional blackouts could happen, Butler said, citing the 2003 outage that left 10 million people without electricity in the New York City metropolitan area and elsewhere in the Northeast and parts of Canada. That was the result of a software glitch, not a malicious attack. But it offers insight into the sort of havoc a cyber attack can wreak, he said.
Already, the U.S. government has proved the destructive potential of cyber attacks with the release of Stuxnet on Iran’s Natanz nuclear facility. It was discovered in 2010 that the virus, aimed at stifling that country’s nuclear arms ambitions, effectively disrupted the delicate balance of the nuclear centrifuges used to refine uranium, destroying them.
Rosenzweig and Herr caution against fear-mongering, however. The potential for physical damage is limited because each piece of infrastructure is unique and requires a specifically tailored attack to do damage. Stuxnet, for example, spreads via Microsoft Windows, and it specifically targeted Siemens brand industrial software and equipment used at the enrichment facility.
“Almost every piece of infrastructure is relatively unique, so it’s like you need a separate, differently manufactured guided missile for each different bunker you are going to bust,” Rosenzweig said.
For that reason, surgical attacks on the U.S. are more likely. Today, the greatest threats stem from what is likely a Chinese People’s Liberation Army-run hacking group out of Shanghai. It has unleashed countless attacks on U.S. companies and government agencies over the past few years. A recent report by Mandiant, a cybersecurity firm, exposed the group, although Chinese officials have denied government-sponsored attacks.
Iran also is emerging as a wild card. Whereas China’s efforts have primarily focused on theft of proprietary information and state secrets, the Iranians pose a destructive cyber threat.
“Iran seems to have made great strides in the past decade and would appear to be more interested in data destruction than theft,” Herr said.
But cyberwarfare is not the exclusive domain of state-funded actors. In Russia, Ukraine and Brazil, for example, criminals are committing large scale financial fraud. Some estimates say these enterprises steal upward of $1 trillion worldwide every year, Rosenzweig said. While those nations are not actively supporting attacks, they do little to stem them.
Additionally, terrorist organizations and other nonstate actors eventually will make the jump to offensive cyber operations, experts predict.
“The resources required to be a threat are just not that large,” Herr said. For that reason, Rosenzweig has proposed that the Defense Department adopt a counterinsurgency approach to cyberspace.
A practitioner of counterinsurgency in Afghanistan and Iraq, and even going back to the Banana Wars of the early 20th century, the Marine Corps could be well-positioned to meet that challenge. Ultimately, Butler said, success is a matter of bringing traditional philosophies to bear, regardless of the battle space.
“The same principles of any military operations — Sun Tzu, Clausewitz — all apply to the cyberspace domain,” he said. “Same principles. Same mission. Different tools.”