IIG - Building Cybersecurity into the Corps

Original broadcast 6/4/25

Presented by Carahsoft

Jeff Hurley, Acting Director of IIC4 at the U.S. Marine Corps, shares a bold and strategic vision for network modernization. Rather than patching legacy systems indefinitely, the Corps is embracing a clean-slate approach: rebuilding its IT infrastructure from the ground up with cybersecurity embedded at every layer. Hurley calls this effort “MCSEN unification”—an initiative to create end-to-end cyber visibility from base to battlefield.

The modernization effort includes replacing outdated business and tactical systems that were not designed with cybersecurity in mind. Hurley notes that while some systems must remain operational during transition, others are being completely decommissioned and rebuilt. The decision to keep or replace a system is based on an assessment of both mission impact and cyber risk.

A key enabler of this strategy is a shift away from rigid compliance frameworks like the Risk Management Framework (RMF), which Hurley argues have become too checklist-driven to be effective. Instead, the Corps is adopting a “cyber ready” posture, championed by leaders like DON CIO Jane Rathbun. This model emphasizes dynamic baseline assessments and continuous monitoring over static documentation.

This proactive approach enables the Corps to respond faster and more flexibly to threats. When a system deviates from its approved baseline, that deviation is flagged and addressed immediately—no paperwork required. It’s a shift from reactive to real-time defense, one that Hurley believes will ultimately result in more secure and resilient systems.

Hurley is also focused on long-term transformation. The Marine Corps is not modernizing for today’s mission—it’s preparing for tomorrow’s. That means building systems with modular architectures, embedded identity and access controls, and data standards that can support AI and automation. One of his biggest concerns is data consistency. Without common data models, AI tools and Zero Trust policies can’t function properly.

Zero Trust is the baseline for all new systems, Hurley says. However, he notes that progress will be uneven due to differences in legacy systems and operational requirements. Still, the overall direction is clear: every system must eventually support identity-based access, encryption, segmentation, and behavioral monitoring.

Hurley sees this period of rapid change as a unique opportunity. With strong leadership support and a clear mandate to modernize, the Corps can finally address decades-old challenges and build an IT infrastructure worthy of the warfighters it supports.

Key Takeaways:

• The Marine Corps is rebuilding its network with cyber integrated from the foundation up.

• RMF is being replaced with real-time monitoring and baseline-driven cyber readiness.

• Data standardization and Zero Trust enforcement are key to long-term transformation.

This interview was recorded on location at TechNet Cyber 2025 and included as part of the TV show Innovation in Government from TechNet Cyber.