Marines experimenting with defensive cyber teams for reconnaissance
One Marine Corps information warfare unit is experimenting with how to use its defensive cyber teams for reconnaissance, according to the organization’s commander.
The Marine Expeditionary Force Information Groups (MIGs), which were created in 2017 and support each MEF within the Corps, integrate electronic warfare with intelligence, communications, military information support operations, space, cyber and communication strategy to provide MEF commanders with an information advantage.
Each of these units incorporates what is known as a defensive cyber operations-internal defense measures (DCO-IDM) company, which protects networks and hunts adversaries on friendly systems at the tactical edge.
II MIG is the lead within the MIGs for experimenting with reconnaissance and counter reconnaissance, its commander Col. Brian Russell said in a podcast hosted by the Brute Krulak Center for Innovation & Future Warfare at Marine Corps University, Wednesday.
Through that experimentation, Russell said they are looking to use their DCO-IDM companies as a reconnaissance force.
“As we lay out our network terrain and determine what’s critical from a reverse targeting methodology, certainly, malicious cyber actors are coming after our kill chains,” he said. “We draw essentially named areas of interest around those critical nodes and that’s where we apply our resource with a sensor [that] I call the electronic version of binoculars to look and confirm that adversary presence so we can do something about it. That to me is a form of cyber reconnaissance that we’re experimenting here at II MEF.”
Russell has previously discussed the need to reimagine how these defensive cyber teams can be used in the gray zone against adversaries, or the competition space that exists below the threshold of armed conflict.
“We can employ this capability to influence adversary decision-making by combining DCO-IDM operations with any other element of the Fleet Marine Force,” he said in 2020. “These operations, below the level of armed conflict (gray zone), enable us to understand the adversary, condition their behavior in advance of conflict, and even impose costs on their operations and strategic intent.”
These DCO-IDM teams are trained to the same standards as U.S. Cyber Command’s high-end defensive cyber protection teams that respond to and defend against malicious activity on enterprise networks, Russell said, adding they are essentially interoperable.
This interoperability “opens some doors that lets you work on other people’s networks with allies and partners who trust you because you’re trained to a certain standard,” he said, noting this is the same approach they’ll take with offensive teams abiding by Cyber Command standards.
II MIG primarily supports European Command but also serves as the Marines’ global response MEF. They have previously conducted exercises and experiments in the theater, learning that building and winning narratives before a conflict is important and everything takes place in the information environment.
Officials have long maintained that the MIGs would not be built overnight. Exercises and experimentation help the Marine Corps shape the direction of these forces and better understand what needs to be tweaked.
In fact, based upon lessons learned from exercises and experimentation, the Marine Corps made alterations to the MIGs three years after they were formed.
Additionally, officials noted that despite the tactical nature of these teams and a lot of what the Marine Corps does, units must also be tied into the operational and strategic trends to be successful.
“In order for you to be tactically successful, you have to be aware of strategic and operational level effects, usually non lethal, that shape the environment to allow your tactical action to occur,” Col. Ray Gerber, commander of III MIG, said on the same podcast. “I would say that the Marine Corps is struggling with this because we have grown up in a world where the tactical action is the thing that everything centers around.”
This force, however, can project power globally from one location, a departure from the traditional domains that is unique to the information environment.
“I’ve got Marines in this building right now supporting operations in the USEUCOM AOR, supporting the conflict in USEUCOM AOR from either analysis or capability provision perspective,” Russell said. “I think that is a growth industry. [Continental U.S.] base operational support … I don’t need to deploy forward to provide the operational value. I can do that from home station or other locations that aren’t necessarily quote unquote, in the conflict zone. That’s what this modern information environment enables us to do.”