In the same way that the ships of the USS America Expeditionary Strike Group (ESG) patrol the seas to provide safety and maritime security against any threat, so too do the Marines of Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM) in the cyber realm, according to 2nd Lt. Adam Kosianowski, 31st Marine Expeditionary Unit DCO-IDM officer in charge.
“For the first time, the 31st MEU embarked aboard the America ESG with DCO-IDM to ensure naval integration between Marine Corps and Navy networks, and that the networks are defended in the cyber domain in order to operate unimpeded by enemy probing and malicious activity,” said Kosianowski. “By supporting the America ESG, 31st MEU team, DCO-IDM provides another line of defense to friendly networks.”
The ability for the MEU to process information, communicate, and execute a wide range of missions relies on a safe and secure cyber network. While the wars of the early 21st century saw the Marine Corps operate uncontested in the cyber realm, preparation for the next conflict requires a robust cyber defense capability. DCO-IDM functions as a roving guard force that searches for unusual trends, benign content, or malicious solicitation in the cyber realm.
“The Marine is DCO-IDM. The Marine hunts, views the network from enemy points of view, and mitigates damage before the bad actor can anticipate and act,” said Kosianowski. “Practicing security standards and policies are important because it prevents the enemy from figuring out vulnerabilities, especially through lack of attention to detail.”
“Defensive cyberspace operator Staff Sgt. Ulises Villegas described how the adversary can take many actions to potentially exploit friendly networks. “Bad actors probe the network they are looking to penetrate, looking for vulnerabilities and openings on networks that are exploitable. Once inside, the enemy can insert malware, deny service and access, and manipulate and delete information. In worst-case scenarios, the enemy can export and copy stolen data onto their own networks for manipulation and nefarious activity.”
“DCO-IDM can identify and mitigate this threat instantly, using tools or applications that analyze data, filter content and counter enemy procedures for exploiting networks in order to give real-time information of any anomaly,” Villegas continued. “Marines can trace enemy breaches, complete counter-intelligence, surveillance, and reconnaissance (ISR) back to their origin, and ensure the enemy doesn’t have access in friendly networks. The Marines review suspicious content and report out of the ordinary activity for follow on action.”
“In the past, the thought process of cyber security was reactionary with monitoring event logs waiting to be attacked,” said Villegas. “DCO-IDM is the opposite. The team, using up-to-date intelligence of the battlespace and potential enemy actions, is proactively conducting focused ISR of friendly networks, scanning for gaps, and closing potential vectors of attack and if directed upon identification, able to isolate, contain and even conduct local fires on threats.”
During Exercise Cobra Gold 2020 in the Kingdom of Thailand, 31st MEU DCO-IDM along with III Marine Expeditionary Force (MEF) Information Group (MIG) Marines, supported a Cyber Field Training Exercise at the Royal Thai Armed Forces Headquarters in Bangkok. The Marines as part of the U.S. team collaborated with five partner nations: Thailand, Japan, Malaysia, Indonesia, and Singapore, establishing baseline training and international standards to overcome language barriers and communicate in the same cyber language. U.S. Marine Col. Larry Jenkins, commander of III MIG, oversaw the collaboration between Marines and partner-nation forces as they worked together, problem-solving scenarios.
Anytime we work in a coalition environment, it’s positive, whether it’s cyber or one of the other elements of Cobra Gold,” said Jenkins. “Any time we have an opportunity to work with our coalition partners, it builds relationships and makes us a stronger.”
The refinement of DCO techniques, along with collaboration with Navy and other forces, improves how the team operates afloat. As the first DCO-IDM team embarked with the 31st MEU, their goal is to establish a framework so that follow-on teams are able to efficiently take over and improve the proactive defense operations. These teams will eventually build up and fully support all ships while forward-deployed.
The 31st MEU stays ahead of any threat by identifying world trends that may hinder its ability to maintain security. By employing DCO-IDM, the MEU stays true to its motto as “ready, partnered and lethal,” to face any threat including in cyber space, according to the 31st MEU commanding officer Col. Robert Brodie.
“The 31st MEU’s Cyber Unit patrols our network employing DCO-IDM to innovatively identify and engage potential cyber threats while reinforcing and maintaining the highest level of network security,” said Brodie. “As the U.S. Indo-Pacific Command’s crisis response force, our cyber operations demonstrate our adeptness to operate across all domains. We stand ready for crisis 24/7-365 and our cyber warriors ensure we are prepared to project combat power at a moment’s notice: ready, partnered, and lethal.”
The America Expeditionary Strike Group, 31st MEU team, is operating in the U.S. 7th Fleet area of operations to enhance interoperability with allies and partners and serve as a ready response force to defend peace and stability in the Indo-Pacific region. (1st Lt. Demond Glover, Communication Strategy and Operations, 31st Marine Expeditionary Unit)