ABOUT DCO-IDM
THE MARINE CORPS RESERVE IS BUILDING DEFENSIVE CYBERSPACE TEAMS
Have the skills? Write to us and introduce yourself.
Background: The Marine Corps Reserve provides trained units and individual Marines to augment and reinforce active forces for employment across the full spectrum of crisis and global engagement. The US military is facing an increasingly contested operational environment, including operations in and through cyberspace. Marine Corps Defensive Cyberspace Operations (DCO) are part of a broader information environment spanning many domains, operations, and related capabilities (e.g. computer network attack, electronic warfare, information operations, and military deception).
Purpose: Company A provides Defensive Cyberspace Operations-Internal Defensive Measures in support of Marine Expeditionary Force Headquarters Group (MHG), Marine component headquarters, and/or a Combined/Joint Task Force headquarters (C/JTF HQ) in order to enable and enhance the warfighting abilities of a Marine Commander.
Situation: Information-related weapons are increasingly common and lethal on the battlefield. For example, in 2007 the Israelis purportedly employed cyber capabilities and electronic attack to suppress an enemy air defense network to destroy a suspected nuclear facility. More recently in Ukraine, Russia purportedly employed electronic warfare to target Ukrainian formations using long-range fires. Russian information operations purportedly continue to manipulate public opinions to shape the operational environment. Going forward, we must understand how new technologies, such as artificial intelligence, machine learning, autonomous systems, robotics, electronic warfare, cyber warfare, and social media, will impact military cyberspace capabilities. With respect to the defense of our interconnected military systems, the demand signal is clear: we need more.
DCO-IDM Definition: According to Joint Publication 3-12, Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM) are the form of DCO mission where authorized defense actions occur within the defended network or portion of cyberspace. DCO-IDM of the Department of Defense information network (DODIN) is authorized by standing order and includes cyberspace defense actions to dynamically reconfirm or reestablish the security of degraded, compromised, or otherwise threatened DOD cyberspace to ensure sufficient access to enable military missions. For compromised DODIN elements, specific tactics include rerouting, reconstituting, restoring, or isolation. Most DCO missions are DCO-IDM, which include proactive and aggressive internal threat hunting for advanced and/or persistent threats, as well as the active internal countermeasures and responses used to eliminate these threats and mitigate their effects. For example, Cyber Protection Teams (CPT) operations conducted on key terrain in cyberspace for mission-critical assets in response to indications of malicious cyberspace activity are DCO-IDM missions, even before indicators of compromise are apparent.
Training: Our training efforts focus on three mission assurance actions:
1) Protect and defend against anticipated attacks using appropriate response actions
2) Hunt for advanced threats
3) Respond to and recover from cyber attack
Talent: The Marine Corps requires new capabilities and added capacity to “fight tonight” in the cyber domain, especially at the tactical level. The Marine Corps Reserve offers rare and valuable skills and experience found in a growing number of Reservists who work in cyber roles among hundreds of civilian employers. Some of these Marines possess unique expertise for which there will never be a military schoolhouse or training course. The Marine Corps Reserve is working hard to establish a competency-based Military Occupational Specialty (MOS) certification path for Reservists with qualifying civilian experience, education, and/or training. For example, Marines with the following civilian job titles may be valuable to our teams:
Software Engineer
Network Engineer
Data Scientist
Penetration Tester
Incident Responder
Forensics Investigator
Malware Analyst
Reverse Engineer
Security Operations Analyst
Vulnerability Manager
Identity/Access Manager
Security Architect
Cloud Architect
Domain Administrator
Tradecraft: In terms of equipment and tradecraft, DCO employs a variety of custom, commercial, and government tools using an adaptive approach.
Have the skills? Write to us and introduce yourself. We look forward to talking with you. Feel free to send along your GitHub page, cyber experience, or original research. The DCO-IDM team is made up of geeks, cyber professionals, innovators, and information technology leaders.
Innovation Imperative: General Gray, 29th Commandant of the Marine Corps, reminded us “the Fleet Marine Force Manual 1 (FMFM 1) stated, ‘War is both timeless and ever-changing. While the basic nature of war is constant, the means and methods we use evolve continuously.’ Like war itself, our approach to warfighting must evolve. If we cease to refine, expand, and improve our profession, we risk becoming outdated, stagnant, and defeated.”