Marines experimenting with defensive cyber teams for reconnaissance
Written by Marc Pomerleau
A Marine Corps information warfare unit is experimenting with how to use its defensive cyber teams for reconnaissance, according to the organization’s commander.
The Marine Expeditionary Force (MIG) Information Groups, which were established in 2017 and support each MEF within the Corps, integrate electronic warfare with intelligence, communications, military information support operations , space, cyber and communications strategy to provide MEF commanders with an information advantage.
Each of these units incorporates what is known as an Internal Defense Measures and Cyber Defensive Operations Company (DCO-IDM), which protects networks and hunts adversaries on friendly systems at the tactical edge.
II MIG is the leader among MIGs in experimenting with reconnaissance and counter-reconnaissance, its commanding officer, Col. Brian Russell, said Wednesday in a podcast hosted by the Navy’s Brute Krulak Center for Innovation & Future Warfare. University Corps.
Through this experimentation, Russell said they seek to use their DCO-IDM companies as a reconnaissance force.
“As we define our network terrain and determine what is critical from a reverse targeting methodology, malicious cyber actors are certain to come after our kill chains,” he said. “We basically draw named areas of interest around these critical nodes and that’s where we apply our resource with a sensor [that] I call the electronic version of the binoculars to watch and confirm the presence of the opponent so that we can do something about it. For me, it is a form of cyber-reconnaissance that we experiment here at II MEF.
Russell has previously discussed the need to reimagine how these defensive cyber teams can be used in the gray zone against adversaries, or the competitive space that exists below the threshold of armed conflict.
“We can use this capability to influence adversary decision-making by combining DCO-IDM operations with any other element of the Fleet Marine Force,” he said in 2020. “These operations, below the level of armed conflict (grey zone), allow us to understand the adversary, to condition his behavior before the conflict and even to impose costs on his operations and his strategic intention.
These DCO-IDM teams are trained to the same standards as US Cyber Command’s high-end defensive cyber protection teams that respond to and defend against malicious activity on corporate networks, Russell said, adding that they are essentially interoperable.
This interoperability “opens doors that allow you to work on other people’s networks with allies and partners who trust you because you are trained to a certain standard,” he said, noting that it is the same approach they will take with offensive teams adhering to Cyber Command standards.
II MIG primarily supports European Command, but also serves as the Marines’ global response MEF. They have already conducted exercises and experiments in theater, learning that building and winning narratives before conflict is important and that everything happens in the information environment.
Officials have long maintained that the MIGs would not be built overnight. Exercises and experimentation help the Marine Corps shape the direction of these forces and better understand what needs to change.
In fact, based on lessons learned from exercises and experimentation, the Marine Corps made modifications to MIGs three years after they were trained.
Additionally, officials noted that despite the tactical nature of these teams and much of what the Marine Corps does, units must also be tied to operational and strategic trends to be successful.
“For you to be successful tactically, you must be aware of the strategic and operational effects, usually non-lethal, that shape the environment to enable your tactical action to occur,” said Colonel Ray Gerber, commanding officer of III MIG. on the same podcast. “I would say the Marine Corps struggles with this because we grew up in a world where tactical action is the thing that everything is centered around.”
This force, however, can project power globally from a single location, a break from traditional domains that is unique to the information environment.
“I have Marines in this building right now supporting operations in USEUCOM AOR, supporting conflict in USEUCOM AOR from an analysis or capability delivery perspective,” Russell said. “I think it’s a growing industry. [Continental U.S.] base operational support… I don’t need to deploy forward to provide operational value. I can do it from the docking station or other places that aren’t necessarily in quotes, in the conflict zone. This modern information environment allows us to do that.