The service cyber components that feed up to Cyber Command are responsible to man, train and equip their cyber warriors, meaning each service ends up using their own acquisition and service-specific models to do so.
While Cyber Command possesses limited acquisition authority, this capability is nascent meaning the individual services still are charged with equipping their cyber forces based upon minimum operating capabilities operating capabilities Cyber Command’s Capabilities Development Group outlines.
Marine Corps Forces Cyberspace Command does not possess direct acquisition authority and so they have to work through a variety of vectors including other commands within the service to procure both offensive and defensive capabilities.
In that role, an emphasis on capability has emerged: “I am not buying IT, I am buying cyber weapon systems, I am buying cyber capability,” Robin Gentry, assistant chief of staff of logistics at MARFORCYBER, told Fifth Domain in an interview at MARCORSYSCOM headquarters.
To foster better understanding of MARFORCYBER’s needs, MARCORSYSCOM sent a liaison officer to MARFORCYBER’s headquarters to sit with operators and get a better understanding of their mission. The partnership between the two Marine Corps commands stems from a cyber task force a few years ago, Mike Cirillo, principal cyber advisor at Marine Corps Systems Command, told Fifth Domain, with one of the tasks focusing on acquisition.
Cirillo said Systems Command tries to meet the urgency conveyed by MARFORCYBER and support them within the existing Marine Corps structure.
He added that by working with MARFORCYBER the service can better align authorities and policy that supports both organizations.
“That doesn’t happen if we don’t communicate or work closer together. A lot of what MARFORCYBER does is at a much higher classification than what we do to buy trucks and uniforms and things like that,” he said. “That alone just on the face of it causes sort of, not a misalignment but a suboptimized working relationship and that’s something that we’re working through.”
Cirillo and Gentry discussed the difficulty of getting MARCORSYSCOM support staff cleared to be able to work with MARFORCYBER given much of the work requires a top secret security clearance.
The key to this relationship, Gentry said, is he can go to the liaison and ask who he can talk to about fielding laptops for a team.
MARFORCYBER is also using a contract vehicle called NASA Solutions for Enterprise-Wide Procurement (SEWP), which is a multi-award contract vehicle focused on commercial IT solutions and provides a catalog of approved vendors.
However, even with this approach, Gentry said it could still take 30 to 60 days to get a capability.
“That’s not real time,” he said.
But by working with partners across the service, there are benefits. Gentry pointed to the fielding of the Deployable Mission Support System (DMSS) used by cyber protection teams, which consists of laptops, passive and active sensors, and analytic capability provided via either government or commercial off-the-shelf, or free and open software. At the time, DMSS was an emerging need. The initial fielding of the DMSS was somewhat limited, Gentry said. He described it as a hodgepodge capability.
Each service developed their own DMSS kit resulting in four different kits across the joint force. Cyber Command is now looking to standardize these kits across the force.
Within the large scheme of acquisition, Gentry said the benefit of the Marines DMSS procurement effort was that it was an emerging need that has now been brought from a block 1 to a more advanced block 3 capability.
“The Marine Corps in some respects is far ahead of the other services on tool kit development,” Gentry said.