Flexibility,
Response Time, And Warfighting Capabilities
Marine Corps Enterprise Network Provides Secure
and Reliable Computer Communications
By OTTO KREISHER
Otto Kreisher is a reporter for Copley News Service.
Rapid and secure computerized communications that can reliably link bases
in the United States with forces deployed overseas are essential for modern
military operations.
Also, a convenient email service to keep in touch with family and friends
at home is a good morale booster for deployed service personnel, many
of whom grew up with the Internet.
Providing both of those vital communications functions is among the missions
of the Marine Corps Enterprise Network, a constantly evolving high-tech
system managed from Marine Corps Base Quantico, Va. The network provides
a wide range of data communication services, from handling personal
email to relaying highly classified operational orders and
intelligence. It operates on a global basis and is protected by a layered
defense against attack.
The staff that operates the Corps' Enterprise Network may assume new
missions in offensive information warfare because of its new ties to the
reorganized U.S. Strategic Command.
Upgrading the Tradition
The current operation "grew out of a long-standing Marine Corps
tradition of providing enterprise networks to connect individual computers,"
said Lt. Col. Daniel A. Hickey, chief operating officer for the Enterprise
Network. The Corps has provided that service "since main frames were
the big buzz word," Hickey said.
The need for networking grew with the advent of the personal computer
and distributive computing. As units began to link individual PCs in local
networks, the Marine Corps saw a need to pull them together on a service-wide
basis to establish uniform operating standards.
The process was started in 1989 using Banyan VINES, a commercial networking
system similar to Microsoft. It provided a single communications system
for both email and operations, he said. But Banyan VINES had certain limitations,
so the Marines shifted to a more common transmission-control protocol/Internet
protocol (TCP/IP) suite to drive the network.
That protocol, however, was familiar to hackers and the network experienced
increasing attacks via the Internet. The attacks, during a number of joint
exercises over the years, provided "a rude wake-up call for all of
DOD [Department of Defense]. ... We had a long way to go to ensure the
networks were secure."
Direct Access to DISN
Under orders from the Marine Corps commandant to secure the networks,
the director of command, control, communications, computers, and intelligence
(C4I) at the Marine Corps Systems Command formed a working group in 1995
to create a network operations center (NOC).
The NOC, named the Marine Corps Tactical Systems Support Activity-East,
became operational on 15 February 1996 with a staff of 24 uniformed Marines
and civilian employees, plus a director and his deputy. Many had provided
support for the Banyan VINES system.
The NOC quickly selected Cisco routers, which gave the Marine network
direct access to the Defense Department's computer grid--the Defense Information
Systems Network, or DISN.
The working group also decided to switch to Microsoft Windows New Technology
(NT) as the future network operating system, beginning in November 1998.
Within 13 months, about 70,000 computer workstations were switched to
Windows NT and more than 4,000 technicians and support personnel at 27
Marine Corps installations were trained to use it.
However, the Marine network had no boundary protection against intrusion.
So, starting from scratch in March 1998, the NOC personnel created a service-wide
security architecture to protect against network attack. "Within
six months, they established 41 firewall devices" at each point where
the Marine network touched DISN.
Although DISN has its own security systems, it is considered untrustworthy
because it does not follow the Marine Corps' security policy, Hickey explained.
"Best business practice is to assume that, if you don't have any
control, a system is not living within your security policy."
Warnings and Firewalls
The push to secure the system gave birth to what is now known as the
Marine Corps Enterprise Network, Hickey said. Originally part of the Marine
Corps Systems Command, the network operations were put under control of
the director of C4 at Marine Corps headquarters in October 1999 and merged
with the Marine Corps Computers and Telecommunications Agency.
In the merger, the Marine Forces Computer Network Defense office was
created to develop and implement enterprise network defensive measures
that relied on indications and warnings from intrusion-detection devices
and from the firewalls established on the network's perimeters.
"We now can say we have a truly secure network," Hickey said.
In the process, the operations center was renamed the Marine Corps Information
Technology and Network Operations Center (MITNOC). The Quantico-based
center is the brains of the enterprise network.
The MITNOC, commanded by Brig. Gen. John R. Thomas, is operated by about
213 people, 123 of whom work for contractors: Smartronix, Northrop Grumman,
SAIC, and Booz-Allen Hamilton.
Most MITNOC personnel are based in Quantico. Some are at Marine posts
and headquarters across the United States and around the world.
Putting those skilled network technicians with the dispersed Marine forces
has proved to be very popular with the units, Hickey said. When not fully
engaged with managing the network, the technicians help with other information-technology
problems. The contractor personnel are "as much a part of the team"
as those in uniform, he said.
Hickey said the MITNOC organization "is unique within DOD and is
a model that is being copied by other services and at the joint level."
Located in one building are the network operators, responsible for the
"day-to-day care and feeding of the network," and the Computer
Emergency Response Team, which watches the network for events, or attacks,
and reacts as needed, he explained. There also is an antivirus cell to
ensure that antivirus defenses are maintained.
The staff also has a "forensic" capability to help with events
that may warrant a law-enforcement response.
Connecting With the MEU
"The fact that we have all those capabilities under one roof has
generated a synergy" that gives the center "a flexibility and speed
of response" that might not be possible in separate locations, he
said.
Hickey emphasized that the enterprise network is "global in scope,
covering both garrison and deployed forces." Each Marine Expeditionary
Unit (MEU) that deploys is able to establish connectivity and become part
of the network.
As a MEU begins training for deployment, the MITNOC establishes liaison,
determines what its requirements are, and either sends personnel to help
train the MEU personnel or provides assistance by telephone.
Each deploying unit takes its own network security system with it in
a portable container that includes the hardware and software needed to
provide firewall protection, routers, switches, and intrusion detection
systems.
The equipment is called the Deployable Security Interdiction Device (DSID)
for larger units and the DCID Small Wall--a smaller, less capable set
that goes with a MEU.
The MITNOC personnel also provide around-the-clock technical support
and a "help desk" that is available to deployed forces and can
dispatch "fly-away teams," within eight hours of a request for
help, to provide more extensive assistance.
The Marine Corps Enterprise Network and the MITNOC are facing a number
of changes. One involves the widening application of the Navy-Marine Corps
Intranet (NMCI), a massive $6 billion program intended to provide common
computers and operating systems to virtually all Navy and Marine Corps
units and operations within the United States. It will provide high-speed
digital communications, both unclassified and secure, to the domestic
bases, offices, and agencies of the two services and a link to their deployed
and overseas commands.
After considerable start-up problems and trials, the prime contractor,
Electronic Data Systems (EDS), received approval to start a rapid expansion
of the system, from the initial 48,000 workstations in the system to about
410,000 by the end of 2004. That expansion will include the first significant
numbers of Marine workstations.
Control "Absolutely Critical"
When the NMCI is completed, "most of the network services we provide
for U.S.-based Marine commands will be provided by the contractor,"
Hickey said.
But the Marine network will continue to provide the global services to
deployed units and overseas Marine commands and will retain ultimate responsibility
for oversight. And, although EDS must provide protection from intrusion
for both the open and the classified services, the MITNOC will continue
to ensure the security of the network, he said.
"Control over the security posture for the Marine Corps community
of interest is absolutely critical because the networks are part of your
warfighting capability," Hickey explained. "We must ensure flexibility
and speed of response."
The only way to do that, he said, is to retain the ability to make changes
autonomously, without having to seek approval from higher authority. "Operational
decisions have to be made with the speed of light."
Other changes could result from the merger of the U.S. Space Command
into the new U.S. Strategic Command. One of the more important missions
of the new unified command is to "bring together all the capacity
for information operations under one commander," Hickey said. That
would include computer network operations as well as network defense,
exploitation, and attack, he said.
The Marines are tied to Strategic Command through the commander of Marine
Forces Atlantic and an organization called the Marine Corps Network Operations
and Security Command, which shares offices and personnel with the MITNOC.
"We historically ... have been focused on computer network defense,"
Hickey said--but "there is the potential," he added, "that
we would be involved in other aspects of computer operations, including
an offensive role.
"That's under discussion," he said. "There has been no
decision made."