Brig. Gen. Dennis A. Crall assumed the duties of Director – Command, Control, Communications, Computers (C4), Headquarters Marine Corps / Chief Information Officer (CIO) of the Marine Corps on July 21, 2015.
Brig. Gen. Crall is a career Aviation Command and Control Officer who has commanded at the Squadron and Group levels. He deployed as the Direct Air Support Center (Airborne), Officer-In-Charge in support of Operation Iraqi Freedom, conducting thirty-four combat missions spanning over three hundred fifty flight hours. He has also served as the Joint Liaison Officer to the 7th Air Force, 607th Air Support Operations Group in Osan, Korea.
CHIPS senior editor spoke with General Crall in December.
Q: Can you talk about your first 100 days on the job? What did you learn about how to improve the Marine Corps’ networking environment and expeditionary requirements to maximize integration with the U.S. Navy and coalition partners?
A: This is a great position to be in for the Marine Corps and to move out an enterprise network to support the warfighter. It’s all about command and control and that is why prior to coming into this job the Commandant personally told me to focus on the C2 of C4. C2 enables the commander to make good decisions. It’s about C2 agility within a seamless MCEN. It’s been our banner and litmus test. It really is about empowering the warfighter from fighting hole to flagpole using big data, data analytics, integrating health care systems — in all functional areas that support warfighting.
Having a robust C2 that is scalable to the tactical edge, and having the right standards to tame the ‘Wild West’ of all the different applications that the Marine Corps has is another example [of what I found]. It is about giving developers a toolkit to build to common standards, reducing legacy platforms and moving to more affordable applications for the IT center (Marine Corps Enterprise Information Technology Services) in Kansas City.
It will require standardizing business IT apps and processes. For example, the Marine Corps Recruiting Command was one of the first to come to me to help them find efficiencies and better recruiting software. Recruiters are using their own devices, in many cases, much better than I can provide with GFE (government furnished equipment). This force preservation helps prepare the warfighter. In other words, there are very few things that are off limits to me to try to improve.
Q: How are you coordinating your efforts in alignment with the Commandant’s Expeditionary Force 21 guidance?
A: It really is the heart and soul of what we do, and it puts us somewhat at odds with the other services in our fighting hole to flagpole approach. EF-21 challenges how we do business. In the past when Marines were to go from garrison to deployment, gear would be taken out of warehouses, over the course of weeks, and it would be dusted off, and tested for connectivity. The challenge is that it is not how the force operates today. The Commandant has said Marines will deploy form disparate places with an immediate need to connect for services and data exchange. Marines are in [a cycle of] continuous retraining, reconstitution and redeployment. Marine Corps warfighters operate under austere conditions but they must have access to services, applications and data down to the squad level. We are a smaller, lighter more lethal force.
Q: I understand that you plan to concentrate your efforts on the command and control aspects of C4. Why focus on C2?
A: I would reiterate what I just said. If you look at my title, Director – Command, Control, Communications, Computers, and some would separate cyber, they are all enablers and exist for C2. I could also bring in waveforms — and they all go back to C2 — having the right information, in the right hands at the right time.
Q: In view of the Office of Personnel Management data breach and other recent cyber incidents, cyber has finally received the urgent attention of national leadership. Will this make your job easier?
A: Attention is not enough. It is having good policies and a good funding strategy, and having baked in security. The DoD CIO’s work with the Joint Information Environment is an example of this, using common standards, and standardizing to Windows 10. It is how we will do business and improve access. One-off applications can’t be defended. So I am excited about the level of standardization occurring for better access, but it can’t sacrifice what is unique to the services, and what Marines need at the tactical edge. It has to be a balance of both.
Q: The Marine Corps has assumed operational management of its share of the Navy Marine Corps Intranet, going to a government-owned/government-operated (GO/GO) model. Has the transition been a success? Has the Marine Corps changed how the network is operated and defended since transition?
A: Work is still in progress. The transition phase is complete and we have laid out the remaining work in phases. We had to make some concessions on legacy systems because we couldn’t shut down the network during transition. I describe it as akin to building an airplane in flight. We are now in phase two which is unification, and we are eliminating those legacy systems that we intentionally left operating. We are doing data center consolidation, and the Marine Corps is in perfect alignment with DoD CIO policy. Data center consolidation will lessen the threat surface, be safer, and save money. In the third phase, we will be merging with the Joint Regional Security Stacks which are starting to be fielded and which will solidify the JIE.
Q: Can you talk about your priorities in how to make the Marine Corps Enterprise Network (MCEN) a seamless network?
A: I can talk, not in terms of my priorities or in any particular order, but rather as 10 to 12 things that need to be done simultaneously. It brings us back to the concept of fighting hole to flagpole. We are working on single sign-on and not having to change email addresses when deploying, all things that allow immediate network accessibility for warfighters, like common standards and security defend-ability.
One thing the Commandant has made very clear is that: “We are going to have to fight for information.” We will be fighting in denied environments where adversaries will attempt to deny our access to satellite data, GPS and the network. Warfighters must be able to join the fight immediately, integrating with naval forces, extending and projecting force on shore, and JIE compliance will help us do that.
Q: How would you evaluate progress on the Marines’ data center consolidation and establishment of Marine Corps Enterprise Information Technology Services (MCEITS) repository in Kansas City?
A: We are making progress but not at the pace I would like. The Marine Corps made a very good decision with MCEITS for compliance with OMB’s data center consolidation (Office of Management and Budget Federal Data Center Consolidation Initiative). It is cheap and the other services are also using it. The Navy, in particular, has moved its COOP, Continuity of Operations Planning to MCEITS. But it is moving the bigger and more complex applications that will make a difference to the fight, and the scalability of the mobile applications across the RF (radio frequency), for tactical radio, as an example. MCEITS was recognized by DISA (Defense Information Systems Agency) for its excellent security. MCEITS was a brilliant call by the Marine Corps, but I am impatient to move more quickly for the warfighter.
Q: Can you talk about the Marine Corps C4 relationship with U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER) and U.S. Cyber Command, how you work together and how you coordinate cyber training requirements?
A: I work with USCYBERCOM through MARFORCYBER. MARFORCYBER is the network defender by definition for the Marine Corps. We are in a close battle rhythm with them and by that I mean there is not a meeting that I have that they are not invited to. Our relationship has to be close so we can reduce the threat vector and develop the right policies. MARFORCYBER rates the cybersecurity scorecard [by which all DoD components are] evaluated by the DoD CIO.
There are two parts to training: individual responsibility, what we call cyber hygiene, and training for professionals. For individuals, responsibility has to be enforced. There are honest mistakes and then there is irresponsibility.
For the professional force, as part of force modernization, we are looking at the training, fields and specialties that make a cyber warrior because the old ones just don’t work anymore. We are looking at the credentials that are needed. Right now the study is with various boards and groups that are also looking at training structures, like the schoolhouses.
Q: Can you talk about your responsibilities as the Marine Corps CIO and your work with the Department of the Navy CIO, Rob Foster, and Navy Deputy CIO, Adm. Ted Branch?
A: First, our relationship is fantastic, and not just with them, but across the MILDEPs (military departments), DoD CIO front office and the Joint Staff J6. We have learned a lot from the Navy’s Cyber Awakening, to bake in security from the onset, and its CYBERSAFE program the Navy created and fielded modeled after SUBSAFE. (SUBSAFE was launched following the 1964 sinking of the USS Thresher to avert undersea casualties.) I have copied the lessons learned and enduring principles for MCEN and also learned from the DON CIO Cybersecurity Strategy Guidance which is easy to follow.
Q: I understand that you are working on how the Joint Information Environment (JIE) and Joint Regional Security Stacks (JRSS) will best support forward deployed Marines?
A: For the JIE a lot still has to be defined, the JRSS is further along and we are helping in the design through the EXCOM, the Executive Committee. We want to make sure that support extends to the fighting hole. So far, we have no reason to think that it won’t, and we are involved in writing the CONOPS, concept of operations. The JRSS will free us from our B1 security level boundaries. There should be savings involved, by that I mean security requirements should not be additive. The idea is standardized security that employs B1 boundaries in the IPN, Installation Processing Node. So by aggregating licenses, the JRSS should be cost-effective, the network should be more secure, and we will have more visibility into security and price points.
Q: Do you plan to expand the Marines’ current mobility pilot and include a BYOD, bring your own device option?
A: Only about 5 percent of the Marine Corps is in the pilot with GFE connectivity. Recruiters have expressed that they would like to keep their own devices — BYOD — Android and iOS devices have better cameras and applications. Recruiters should be able to process an applicant without having to go back to a recruiting station, and be able to do this with an applicant from contact to contract. Any sales organization automates its sales process. Eventually, I would like to see BYOD extended to all Marines.
Q: In regard to procurement reform, I understand that you have concerns about the pace of taking advantage of new technology under the current paradigm. Do you have any suggestions on how to improve the procurement process?
A: I do believe that we will always be chasing technology, even if we have the very latest; there is always something new just around the corner. What we can do is make sure that we are buying technology with the ability to grow, that meets current needs but doesn’t lock us in. It comes down to old-fashioned relationships. I work closely with MARFORCYBER and the Marine Corps Combat Development Command; there is no daylight between us. We don’t want to rush to failure, but we want to buy the right IT and the Urgent Needs process does that pretty well for us.
Q: There sometimes appears to be a perception in the Pentagon when formulating policies that everyone has a computer and works in an office. For an expeditionary force, like the Marine Corps, that simply is not the case. Do you see a need for developing more realistic policies to equip expeditionary forces with the C2 capabilities they need?
A: Leadership absolutely gets this, EF-21, and the [Marine Corps] need to be lightweight, fast, austere and lethal fighting force. The rub comes with engineers in designs that are not built for austerity where engineers are testing in a lab with great bandwidth. So there are constant reminders to developers that Marines’ bandwidth is constrained and that applications must be built for the tactical edge.
Q: Is there anything else you would like to talk about?
A: Only that I am optimistic that we will meet the challenges laid out in EF-21.