CHIPS Articles: Pushing the Boundaries of Cybersecurity for the Marine Corps Forces Cyber Command

MARFORCYBER plans, coordinates, integrates, synchronizes, and directs the full spectrum of Marine Corps cyberspace operations, including Department of Defense Global Information Grid (GIG) operations and defensive cyber operations.

When directed, it also plans and executes offensive cyberspace operations that support Marine Air Ground Task Forces (MAGTF), and joint and combined cyberspace requirements that enable freedom of action across all warfighting domains while destroying or crippling the enemy’s ability to make effective and timely decisions.

Through combined resources, both Space and Naval Warfare Systems Centers Pacific and Atlantic support MARFORCYBER in its mission to plan, coordinate, integrate, synchronize and direct cyberspace operations supporting U.S. Cyber Command (USCYBERCOM).

Organizational Relevance

Cyber is a vital focus area at SSC Pacific; this experience has become a key component in MARFORCYBER’s mission success and ultimately their proactive support for the U.S. Navy.

As an example, MARFORCYBER realized the potential security risks in networks that rely on the Secure Socket Layer (SSL) and Transport Layer Security (TLS) for authentication and privacy which is used throughout the DoD. This realization championed the development of the Service-oriented Public-key Enablement Compliance Testing & Reporting Application (SPECTRA) at SSC Pacific in fiscal year 2013, with funding from USCYBERCOM.

Why?

“Inexpensive jammers, signal detectors, computer processors and radios make it easier for unfriendly states, terrorists, and criminals to manage their efforts while jamming our own ability to sense and communicate. Meanwhile, the number of users in the EM spectrum has grown dramatically over the last two decades. The result is an environment we struggle to sense, understand and use in warfare. We need a concerted effort to harness the EM and cyber environment to give us a warfighting edge,” said Adm. Jonathan Greenert, Chief of Naval operations.

Technological Solution

SSC Pacific has supported Marine Corps Forces Cyber Command since December 2010, when it contacted SSC Pacific and asked for subject matter experts to help establish and operate the newly established MARFORCYBER.

As part of the Department of the Navy, MARFORCYBER works closely with Navy Fleet Cyber Command, and together they support U.S. Cyber Command. MARFORCYBER leads cyber operations that enable access across all warfighting domains, and deny the same to adversarial forces. It provides subject matter experts in intelligence, planning, and cyber operations. The command supports mission operations shift work and participates in cyber regional planning teams from the following commands:< /p>

• U.S. Central Command (CENTCOM)
• Special Operations Command Central (SOCCENT)
• U.S. Special Operations Command (SOCOM)
• U. S. European Command (EUCOM)/U.S. Africa Command (AFRICOM)
• U.S. Pacific Command (PACOM).

SSC Pacific and SSC Atlantic support MARFORCYBER on-site in day-to-day operations allowing MARFORCYBER to provide a broad range of intelligence, analysis, planning, training, operational and logistical support. Furthermore, SSC Pacific and SSC Atlantic provide technical assurance into their acquisition processes, as well as supporting MARFORCYBER’s contractual requirements through the systems command’s contractual capabilities.

Integrated Product Team (IPT) leads from both systems centers hold a regular weekly “sync” to discuss the latest in support, resource, and funding concerns for MARFORCYBER.

SSC Pacific’s team supports strategic and planning expertise inputs, while MARFORCYBER leadership determines current and future priorities.

SSC Pacific has also provided new technology development for MARFORCYBER.

The Service-oriented Public-key Enablement Compliance Testing & Reporting Application is a new science and technology (S&T) capability developed to ensure that deployed and future DoD web servers are properly secured using Public Key Infrastructure (PKI) concepts. The tool provides a dynamic and secure method for auditing web servers for proper PKI compliance. Misconfigured web servers can allow cyber attackers with a minimal skill-set and training to create the following security threats:

• Conduct man-in-the-middle attacks and eavesdrop on (believed to be) secure communications between users and a vulnerable web server;
• Extract sensitive public key information from the user's Common Access Card (CAC), which the attacker can then use to impersonate the user; and
• Steal session keys and other sensitive information and redirect the user to a malicious website with the intent of extracting additional critical information from the user.

SPECTRA was developed largely as a rapid S&T effort in which the team with limited time and resources delivered a new capability that accomplished the following:

• Provides the ability to test for complex PKI-related security settings;
• Provides robust reporting on identified deficiencies;
• Recommends remediation actions to the user;
• Automates part of the process, such as scheduling of periodic web server audits;
• Simplifies the user interface; and
• Supports the rapid integration of additional capabilities to detect emerging PKI vulnerabilities.

The SPECTRA development team developed a new technology that was scalable, used by a variety of users, and reported capabilities beyond MARFORCYBER’s expectations.

SPECTRA was delivered to MARFORCYBER in FY13. The Defense Information Systems Agency (DISA) is expected to deploy the tool DoD-wide on infrastructure that supports regular testing of web servers across the GIG.

Way Ahead

SPECTRA demonstrated to Marine Corps Forces Cyber Command that SSC Pacific could rapidly conceive new technology and deliver it. MARFORCYBER and DISA were pleased with SPECTRA because it helps identify vulnerabilities early on.

SSC Pacific is now looking into building extra plug-in logic that identifies new policies and test cases to detect new attacks such as the latest of many SSL attacks known as Heartbleed. Detecting attacks such as Heartbleed, is intrinsically difficult given our current reactive mechanisms, but with efforts such as SPECTRA, we are moving closer to DoD’s view of what cybersecurity means and how to achieve it.

The SSC Pacific team continues to explore how SPECTRA can support existing networks but also seeks to develop SPECTRA+, which will look at supporting future networks. SPECTRA+ will provide the following advantages, not available by any other tool today:

• Real-time configuration support for Host-Based Security System (HBSS);
• Targeted penetration testing of web servers; and
• Early indicators of warning and anomaly detection capabilities regarding web server attacks.

SPECTRA+ will continue to push the boundaries of security, especially with its projected ability to support users in understanding what a cyberattack looks like and in identifying such attacks early. Future work on security metrics and their visualization will be key in ensuring that efforts such as SPECTRA and SPECTRA+ make SSC Pacific’s vision of information dominance a reality.

For more information about Space and Naval Warfare Systems Center Pacific, please visit: http://www.public.navy.mil/spawar/Pacific/Pages/default.aspx.

For more information about Space and Naval Warfare Systems Center Atlantic, please visit: http://www.public.navy.mil/spawar/Atlantic/Pages/Home.aspx.