News: MARFORRES scores highest Marine Corps security rating in recent inspection
Story by Lance Cpl. Tiffany Edwards
NEW ORLEANS – Marine Forces Reserve has the most efficient cyber security and physical security in the Marine Corps, according to a recent security inspection conducted by the Defense Information Systems Agency.
DISA visited Marine Corps Support Facility New Orleans to conduct a Command Cyber Readiness Inspection to examine the command’s security capabilities. It focused on both classified and unclassified network systems as well as the facility’s physical security protocols.
DISA examines all DOD entities’ security and, in the past, have rated Marine Corps installations with the highest security ratings as compared to all other DOD entities, according to Sgt. Maj. James E. Booker, force sergeant major for MARFORRES.
Booker said that despite this being the first-ever CCRI that MARFORRES has undergone, the unit received the highest rating in the entire Marine Corps, including a perfect score on physical security.
“There is a leadership aspect the Marine Corps has that holds people accountable as we have a tighter, smaller organization,” said Booker. “So it’s easier for us in some cases to control our own. We use the same mentality of leadership that we use in other things. I think it’s just a part of the way Marines do business.”
MARFORRES physical security, which involves building access, identifying threats and the use of the entry badge system, scored a 100 percent, according to Booker. The Non-Classified Internet Protocol Router Network was rated at 96 percent and the Secure Internet Protocol Router Network was rated at 96.4 percent. Booker said that these are some of the highest scores seen for these security ratings.
Sgt. Stephen M. Alltop, the MARFORRES Communications and Information Systems (G6) Cyber Security information officer, was responsible for finding vulnerabilities in the network. Alltop said common security risks are classified and unclassified information “spillages,” or security breaches, as well as personal identifiable information leaks.
From the simple act of handing out a roster with PII attached, an information leak needs to be isolated and controlled immediately from its discovery to prevent the information from potentially reaching the wrong hands.
“When you have a PII spillage, you have to stop it at the source,” said Alltop. “You want to notify everyone that was involved in the spillage, anyone that was on the original email or had access to the original file, not to disseminate it any further. From that point, we will try to assess the impact of the spillage and try to bring it back into the source.”
Alltop said that virtually the same procedure is followed for the release of classified or non-classified information. He added that the resulting score set the bar for the entire Marine Corps, and ultimately highlights the efficiency of the cyber security section and the G6 as a whole.
Capt. Anthony C. Siciliano, Marine Air-Ground Task Force Information Technology Support Center - Reserve operations officer, managed the day-to-day tasking of the seven divisions within the MITSC in preparation for the inspection. While the inspection focused primarily on the physical and network security within the facility, the MITSC still had to evaluate and upgrade workstations here and at more than 170 Reserve component sites – roughly 400 computers in all.
The MITSC, along with the cyber security office, was also responsible for ensuring that all workstations had all of their system updates and security patches in place. According to Siciliano, this was easier said than done, because many of the workstations at remote sites were routinely kept offline for up to 30 days, which meant daily upgrades and patches that are normally updated within a few minutes could take up to eight hours to complete.
For both Siciliano and Alltop, who are currently working on the follow-up to the inspection, what is most important at this stage is to educate the Marines and civilian employees on proper security protocols so MARFORRES can maintain the standard it has set.
“Cyber security isn’t the responsibility of just [the G6] section,” said Alltop. “It’s the responsibility of everyone as a whole. There is a reason we have the annual cyber security training. Ultimately it is up to the individual Marine to maintain the integrity of our network, in the classified areas and the unclassified areas that we have access to.”
For more information about cyber security protocols or to report a potential information spillage, contact the MARFORRES G6 Help Desk at 504-697-7777.