Kenneth W. Bible currently serves as the Deputy Director of the Command, Control, Communications, and Computers (C4) Department at Headquarters Marine Corps. In this capacity, he also serves as the Deputy Chief Information Officer (CIO) for the Marine Corps, and formulates and provides broad policy guidance governing information technology, cybersecurity, and communications infrastructure and applications in support of the U.S. Marine Corps.
Mr. Bible was appointed to the Senior Executive Service in March 2015, having joined Executive Service as a Senior Leader in March 2013. Prior to his current assignment, Mr. Bible served as the Chief Technology Advisor for Headquarters Marine Corps leading continuing assessment and identification of promising emerging C4 and information technologies for exploitation and application in the warfighting and business domains.
Mr. Bible received a Bachelor of Science degree in Mechanical Engineering from Virginia Polytechnic Institute, and earned a Master’s degree in Engineering from the University of South Carolina. He is a member of the Department of Defense Acquisition Community Professional corps; a Level III Certified Acquisition Professional in the Advanced Systems Planning, Research, Development, and Engineering career field; and a licensed Professional Engineer.
Mr. Bible has more than 31 years of Department of the Navy civilian service.
Director C4 priorities include:
- Transforming the Command and Control Network
- Modernizing the Workforce
- Information Technology Stewardship
CHIPS asked Mr. Bible for an update on the Marine Corps C4 priorities in late July.
Q: Brig. Gen. Dennis A. Crall, Director C4, Headquarters Marine Corps/CIO of the Marine Corps, has talked about the need to build the Marine Corps Enterprise Network that can support Marines from the fighting hole at the edge — back to the garrison. Is the MCEN unification plan that will tie together the Marines' portion of the NMCI, the Marine Corps SIPRNET, the Secure Operational Networks Infrastructure and Communication program, and other communications-related networks the answer? Can you talk about the Unification Plan?
A: I would start by saying it’s about getting to a seamless warfighting network. In the past, we had a garrison network and a tactical network and they really didn’t mix. We can’t do it that way any more.
We have some significant challenges going forward in providing C2 agility and resiliency for current and projected mission sets our Marines will execute. Expeditionary Force 21, the Marine Corps’ capstone concept envisions distributed forces needing to deploy rapidly to situations around the globe, and rapidly aggregating as a contingency increases in scope. They are going to have to be highly mobile, and they are going to find themselves in austere environments. They are going to have to communicate over great distances, and they have to be interoperable with our joint and coalition partners. And by the way, our potential adversaries are going to do everything they can to disrupt our C2 and information flow. The strategic vision that has emerged out of this is the need for a seamless enterprise network that minimizes — ideally eliminates — the gap between garrison and tactical.
If you go back in just a few years of the history of Marine Corps C4, this process of taking back our network and getting to this idea of a seamless Marine Corps Enterprise Network (MCEN) goes all the way back to Maj. Gen. Allen, a former head of C4. He saw the inflexibility of our network services under the Navy Marine Corps Intranet (NMCI) in supporting our expeditionary forces deploying out for the conflicts in Iraq and Afghanistan. Then Brig. Gen. Kevin Nally came in and led the effort in transitioning us from the Navy Marine Corps Intranet to the Continuity of Services Contract to the Next Generation Enterprise Network (NGEN) contract that supports a government-owned/government-operated (GO/GO) network with the contractor supporting us, but the Marines in charge [of the network].
In the process of the NGEN transition, we discovered that the network was unwieldy to operate, maintain and secure. We had numerous disparate domains that had come into existence due to operating forces requiring work-arounds to NMCI in order to execute their missions. Brig. Gen. Nally started the process of the Marine Corps Enterprise Network Unification several years back.
Now with Brig. Gen. Crall as the Director of C4, we are looking to take it a step beyond simply unifying the network to making it seamless. This will support how we deploy out seamlessly on the same network that we had when we were in garrison… with a single image, a single domain, a single identity.
So coming back to present day, our network unification efforts are underway to bring the network together and collapse these different domains, and that is going to make it more efficient for us to manage, maintain, and secure the network. Ultimately, we will deliver more consistent services to Marines across the globe, supporting a wide range of missions — everything from major combat operations, to humanitarian assistance and disaster recovery, to noncombatant evacuation operations.
Think of the advantages of this for getting out the door quick and ready in a crisis. Conversely, we used to go pull gear out of the cabinet, dust it off, and configure it each time — and taking the time to do all of that. We’re getting to an ability to take a warm start network and have a seamless transition from garrison to tactical with that single user account, email, workstation. This is what we mean by thinking about the problem ‘from the fighting hole back to the flagpole,’ and looking at the world from the perspective of the farthest most deployed Marine rather than looking at the problem from the people sitting here in the Pentagon.
So this is not only good for the operation of the network, it’s also going to let our MARFORCYBER (Marine Corps Forces Cyberspace Command), forces who operate and defend the network, finally have the ability to see the entire network they’re tasked to defend and operate. They will be able to respond to an incident anywhere on the network as well, improving our network defense. So we will have better command and control of the network and better command and control of forces.
Getting to a seamless MCEN is a pretty daunting task. But we are doing some things to get after this, such as leading some planning efforts — Limited Objective Experiments (LOE) — with the operational forces that prove the ability for this seamless transition from a warm start network to occur. This lets us focus on the roles and permissions the operational forces need on the network to ensure survivability and preserve functionality when a deployed user, a deployed unit, becomes disconnected from the larger MCEN.
The overall end-state is a pervasive, seamless MCEN, rapidly accessible in any environment (garrison, en route or tactical), and in a standardized, tailorable approach. When I say tailorable, Marines will still have rules and policies to adhere to, but they will maintain the flexibility to scale their capabilities based on the various missions they may face, and the size of unit — the size of the Marine Air-Ground Task Force (MAGTF) — that they are deploying with. They’ll have the ability to pull in the C2 applications and services they need from the construct of an app store, and have standardized infrastructure modules scaled to the space, weight, and power limitations they face in the deployed environment.
Q: Can you discuss the implementation of MCEITS, and progress being made in building common standards, reducing legacy platforms and moving to more affordable applications that will be hosted in MCEITS? Will Marines on the tactical edge be able to access applications in MCEITS?
A: Yes, we think MCEITS is a critical enabler of provisioning capabilities to Marines. So that app store model that I mentioned before is enabled by MCEITS, which is at the core of our private cloud, our Marine Corps private cloud.
The Marine Corps has invested significantly in the MCEITS program, as well as the host facility, the Marine Corps IT Center in Kansas City. This investment supports a critical component of that seamless MCEN and enhances the ability to support Marine Corps operations across the globe. We will be focusing on how does MCEITS… how does that Platform-as-a-Service in MCEITS… support application rationalization and the standardization of the technologies for those applications within the data centers that we have in the Marine Corps. This allows us to support the intent and guidance of the CMC (Commandant of the Marine Corps) and allows Marines to access enterprise data, information, applications and services from anywhere, anytime.
We can’t count on the ability to reach-back all the time, because a potential adversary has the ability or may have the ability to deny our communications. So we have to think about the cloud a little bit differently, and that means that we have to have more standardized, agile and elastic applications, and we have to modernize our applications in more cloud native ways.
I would also like to touch briefly on the Marine Corps IT Center that I mentioned before. This is the facility that hosts the MCEITS program of record, and we intend to maximize its potential by continuing to consolidate significant parts of the Marine Corps enterprise level IT capability under that roof, enabling a more responsive and efficient use of resources.
We are also willing and able to partner with other components and agencies within the DoD in that space. In fact we already provide space for our Navy brethren to use as part of its data center continuity of operations (COOP) capabilities.
So the Marine Corps IT Center provides the Marine Corps an enterprise level IT capability, helps align the Marine Corps with the Joint Information Environment, and ensures future maximum IT efficiency and operational flexibility, something we consider a cornerstone to achieve the seamless MCEN vision.
Q: Is MCEITS the way that the Marine Corps is going to tie into the JRSS, the Joint Regional Security Stacks?
A: MCEITS is a node on the MCEN. The interface point for the Marine Corps to the Joint Regional Security Stacks (JRSS) is through our Installation Processing Nodes (IPNs) and the customer-edge routers that we have already put into place over the last couple of years at each of these nodes. These routers will meet up with the provider-edge routers that the Defense Information Services Agency will provide — and that is our connectivity to the Joint Regional Security Stack — that centralized or regionalized security stack through which the traffic will flow. So to answer your question and be clear to your readers, the JRSS stacks monitor the flow of data in and out of our bases and stations to protect the entire DoD network.
Q: Can you discuss C4’s role in influencing advanced infrastructure communications and networking technologies?
A: Well, first we need to continue to bring all the stakeholders together to identify the future capabilities we need. Using MCEITS as an example, we are leveraging MCEITS to bring together our application and system owners to understand what services they need from our private cloud related to app development. In the end, our cloud will provide them the ability to focus on developing innovative capabilities rather than upon infrastructure.
Within the department’s CIO role, we have responsibility for the Marine Corps Enterprise Architecture (EA). This is letting us capture and analyze the mission threads our Marines and civilian Marines have to execute, and then design this seamless MCEN that supports all Marine Corps operations and mission threads. Ultimately, this allows C4 to set policy and guidance and to act as a proponent for solutions within the Planning, Programming, Budgeting, and Execution (PPBE) process.
So we don’t have to necessarily develop and innovate all the technologies, rather we’re setting the conditions for the Marine Corps functional communities (financial, installations, logistics, etc.), as well as the warfighter, to innovate freely without creating unique solutions that require excess investment or duplicate investment, or that don’t fit in the architecture that the Marine Corps needs to have in order to meet up with the Joint Information Environment.
Q: What are the Marine Corps’ cybersecurity priorities?
A: The cybersecurity tenets which will ensure the Marine Corps mission is successfully accomplished, really boil down to six things: (1) protect and defend the data; (2) protect and defend the users; (3) protect and defend the system; (4) protect and defend the connections; (5) protect and defend the mission; and (6) protect and defend the Marine Corps’ reputation and image.
Some of the tasks and projects we’re currently engaged in that utilize and execute these tenets, for example, in terms of defending systems and connections, we have a ‘Comply-To-Connect’ initiative that we’re working. This is a solution that provides network access control and authentication. What this does is provide that end-user devices… any end-user device that is authorized to connect to the Marine Corps Enterprise Network (either on the NIPRNET, the unclassified network, or on the SIPRNET), is properly isolated, remediated, and patched whenever it connects to the network. This is going to help us ensure good cybersecurity discipline that reduces the attack surface and forces adversaries to increase their level of effort.
Another area that we are working on as a cybersecurity priority is domain consolidation, which helps us with network visibility. As I mentioned in the first question, the Marine Corps had a number of domains that emerged over the years in order to support what the operational forces needed to do that could not be accommodated by NMCI. And also because of the need to align to the Joint Information Environment construct, we’ve been working to achieve efficiencies and to collapse domains so that we can have a more resilient IT structure, a more resilient infrastructure.
In concert with the Marine Corps Systems Command and our Marine Corps Network Operations Center, we’re directing the elimination of all unclassified legacy domains currently employed, and we’ll be pursuing the same kind of consolidation for secret network (SIPRNET) domains outside of the MCEN as well.
A third effort with cybersecurity has been our data center consolidation. This effort has been driven by OMB, the Office of Management and Budget federal data center consolidation issue. We’ve got one enterprise data center located in Kansas City and seven regional data centers. We recently put out policy guidance to our functional communities to begin migrating applications and systems to these regional sites, which are really our Installation Processing Nodes, as part of our overall Joint Information Environment alignment. As well, this helps us meet our objectives for data center consolidation. This is a great opportunity for us to save money and increase security.
The last effort is to assess the skills and numbers of people to effectively work on our networks. The Marine Corps’ Cyber leaders, and I include MARFORCYBERCOM, Director Intel, and MARCORSYSCOM, in that group, all recognize that our current manning may not be exactly right to be able to prevent, identify, and respond to the growing cyber threat in the future. We are all aligned to examine what our structure should be through a comprehensive workforce review. We are reviewing the need for structure at all levels and grades — military, civilian, and contractor support. That study has already started and will continue into FY17.
Q: What is the Marine Corps’ strategic plan to migrate to Windows 10?
A: We recently completed a pilot of about 250 laptops and tablets, testing both a remote push over the network as well as local hands-on installations. MARFORCYBER conducted an operational planning team (OPT) meeting in mid-June with MARCORSYSCOM (Marine Corps Systems Command), C4, and our regional Marine Forces G-6s to determine an implementation plan for Windows 10 across the Marine Corps Enterprise Network. Resulting from this meeting, a plan of action and milestones is being developed to ensure the maximum transition we can make within the allotted timeframe.
Due to us leaning forward on this task from DoD CIO, we were successful in pointing out a number of issues with Windows 10 migration. Some of our equipment wasn’t able to support it... neither was the other Services’ equipment for that matter. As a result, we worked with Defense Information Systems Agency (DISA) to reduce the initial STIG (Security Technical Implementation Guide) requirements, and we phased those STIG requirements over a period of three years to allow us to use our normal technical refreshes to make the migration to Windows 10. This has greatly assisted all the services, not just the Marine Corps, by providing a much larger established hardware set to work with.
Workstations, both under the NGEN contract, which is our program of record supporting the non-classified network, and the SONIC (Secure Operational Network Infrastructure and Communication) program, which is our program of record for the secret network, can be refreshed on a glideslope to meet about 95 percent of the January 2018 implementation deadline. And as we continue to collapse domains and bring more of the Marine Corps inventory under these two programs, we are going to be refreshing more of our inventory.
We currently are researching costs to modernize various other programs such as our Command Operation Center (CoC), the Common Aviation Command and Control System (CAC2S), our G/ATOR (Ground/Air Task Oriented Radar) system, and NALCOMIS (Naval Aviation Logistics Command Management Information Systems), as well as workstations that are funded through Overseas Contingency Operations (OCO) funds. Again, we are leaning forward on this initiative from DoD CIO.
Q: Did you say STIG?
A: Yes, the STIG basically speaks to how the hardware and software components have to be configured in order to be properly secure. One of the things that we found with the Windows 10 migration is that there were some hardware dependencies in the computers that we had on the network in meeting the full compliance with that Security Technical Implementation Guide such that we were going to have to replace a significant amount of hardware early, and the machines were still serviceable.
We believed that there was reasonable risk that could be taken with those existing machines, so we brought that to the attention of the other Services as well as DoD CIO. It made sense to the other Services because they started to find the same challenges. So collectively, along with DoD CIO, we worked with DISA to modify the STIGs, and we continue to work with the DISA via what is known as the Secure Host Baseline Working Group. This is the forum in which we’re able to discuss those security settings and hardware dependencies, and make decisions and recommendations to the DoD CIO.
Q: How does C4 enable personnel readiness? Is it about equipping Marines with better mobility solutions, including Marines on the tactical edge?
A: We want to go about this from an institutional and foundational outlook on how we structure and train our workforce from Marines to civilian Marines to contractors. We aim to support manning, training, and equipping our force, and it is not about chasing the latest and greatest program or piece of equipment. But it is about systematically identifying our requirements and the capabilities needed to fulfill them. From a C4 perspective, I would say this goes back to our enterprise architecture role and our engagement in force modernization and workforce review.
As far as mobility solutions, we most definitely want to improve access for deployed Marines so they can maintain their training, education, and overall readiness. It’s in our ethos that everything we do at C4 is to benefit and enable Marines deployed across the globe to do their jobs more effectively. We must — and we always do — ask ourselves, ‘How does this impact our Marines?’
As a sidebar here in terms of readiness, another area that doesn’t get a lot of attention, is about data. We’re currently working on an initiative that we term a ‘Ready Data Environment.’ It’s comprised of three pillars; it’s not a program of record or system, but a strategic initiative.
First, it’s getting after improved data quality, so getting at data stewardship from the time data is input into a system to its stewardship and cultivation by the functional communities as they execute their business processes. Second, it’s about standardization of the system interfaces so that we can make sure we have interoperability of our systems and access to those data elements.
And third, it’s about building the cadre of data scientists, the Marines and civilian Marines that we need to have in order to do advanced analytics on the data. These three pillars have significant impact on the Marine Corps readiness as it’s going to provide timely access to quality data and analytic products to support decisions that are relating to allocating resources to manning, training, equipping the force.
Q: Is there anything else you would like to discuss?
A: I always like to talk about our bring your own device, often referred to as BYOD, efforts around mobility. You asked about whether [readiness] is just about equipping Marines with better mobility solutions, but I would say that one of our challenges is providing options for the Marines to have access to data and information, organizational and individual, in a secure fashion.
We started working on a pilot for a BYOD solution to be able to provide access to that data and information on more devices. For example, we field about 13,000 BlackBerry devices today, and that’s a fairly significant budget item, and we probably won’t have too much more in terms of funding to field more of those government-issued mobile devices for Marines operating in garrison. But if we could take that same money and apply to a software-based container that could run on a Marine’s personal device for particular applications and particular data, we could probably raise the number of Marines who have access to that information on their mobile devices by at least an order of magnitude.
At that point, I have a real opportunity to provide wide access to that organizational and individual information, and it will foster a lot of innovation in terms of apps that benefit Marines, whether that is for fitness; morale, welfare, and recreation; or even warfighting.
Q: So this is something you have in pilot right now?
A: That’s right. We’re currently focused on working on derived certificates. In other words, pushing a piece of your identity credentials from your Common Access Card to the cloud and then allowing it [applications and data] to be pulled down to an individual’s mobile device. Our goal is to have all the processes in place and finalized for the pilot implementation by the 1st of October for our first 250 users.
We have had some challenges in terms of the amount of work that it requires to do the derived credential piece, and we are looking at solutions for how we can automate that in a much more streamlined fashion… a more self-service fashion… but we’ve had some great success in showing this is a pretty secure solution. It’s tremendously more secure for us than individuals using their personal webmail and many commercial services.
This is an item that is not only of interest to the Marine Corps, but it has a lot of external visibility as well. We think it could be a game-changer in terms of how we provide information and capabilities to our garrison-based Marines, and we have yet to understand fully what the tactical ramifications might be, but I can see some potential application there as well.
Q: Since we have time for one more question… I know this might not necessarily be in your swim lane, but do you have any comment to make regarding the readiness and training of the Marine Corps Cyber Mission Teams that will be supporting U.S. Cyber Command?
A: In terms of where we are at in training them, the Cyber Mission Teams, the Cyber Mission Forces, as well as the Cyber Protection Teams that have both a U.S. Cyber Command focus as well as a service-retained focus, I would defer to MARFORCYBER as far as talking about their development. But I will say that all of the things that we’ve been talking about with the seamless MCEN are helping us get our Cyber Protection Teams and Cyber Mission Forces the warfighting environment that they need for success.
We’ve been utilizing the Cyber Protection Teams to help us look at potential vulnerabilities and identify and validate that we’re making good threat-based choices in our network consolidation efforts. We have provided some training environments for them to use in order to look at their mission requirements and to train their force. But I’ll leave the status of the Mission Teams and the Protection Teams to MARFORCYBER.
Our job is making sure that we’re collecting their requirements as an operating force, making sure that we’re advocating for the solutions that they need, and working in concert with them and empowering them with the right policies to operate and defend the network.