MARADMINS : 347/18
R 221435Z JUN 18
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/REITERATION OF THE APPROPRIATE USE OF THE KINTETIC INTEGRATED LOW-COST SOFTWARE INTEGRATED TACTICAL COMBAT HANDHELD (KILSWITCH) APPLICATION AND THE ASSOCIATED ANDROID PRECISION ASSAULT STRIKE SUITE (APASS)//
REF/A/MEMO/SECNAV/RESPONSE TO U.S. OFFICE OF SPECIAL COUNSEL REGARDING SOFTWARE SECURITY VULNERABILITIES DTD 24APR2018//
REF/B/REPORT/NAVINSGEN/OSC DI-17-3391 NAVINSGEN 201702142/ALLEGED VULNERABILITIES OF THE KINETIC INTEGRATED LOW-COST SOFTWARE INTEGRATED TACITICAL HANDHELD (KILSWITCH)/ANDROID PRECISION ASSAULT STRIKE SUITE (APASS) APPLICATION//
REF/C/MCO/CMC/MCO 5239.2B/MARINE CORPS CYBERSECURITY DTD 05NOV2015//
REF/D/ATO/DDCIOMC/2018-0278-1/AUTHORIZATION TO OPERATE (ATO) THE MESH NETWORK MANAGER (MNM) MARINE AIR GROUND TABLET (MAGTAB)//
REF/E/MCCA/DDCIOMC/2015-0041-2/MARINE CORPS CERTIFIED APPLICATION (MCCA): KINETIC INTEGRATION LIGHTWEIGHT SOFTWARE INDIVIDUAL TACTICAL COMBAT HANDHELD (KILSWITCH) V2.X DTD 3FEB2015//
POC/R. A. LETTEER/GS-15/HQMC C4 CY/TEL: 703-693-3490/EMAIL: RAY.LETTEER@USMC.MIL//
POC/B. J. ELLIS/MAJ/HQMC C4 CY/TEL: 703-693-3490/EMAIL: BUDDY.ELLIS@USMC.MIL//
GENTEXT/REMARKS/1. Purpose. The purpose of this MARADMIN is to re-iterate the policy on the authorized use of KILSWITCH and APASS in the Marine Corps and address the recommendations from the NAVINSGEN investigation into software security vulnerabilities.
2. Background. Per ref (a), in June of 2017, the U.S. Office ofSpecial Counsel (OSC) referred a whistleblower disclosure to SECNAV via SECDEF regarding potential security vulnerabilities in KILSWITCH and APASS. Per ref (b) the Naval Inspector General (NAVINSGEN) conducted the investigation and provided recommendations to the Commandant of the Marine Corps (CMC) to address the substantiated allegations. The details of this report are not releaseable in this forum, for a copy of the report contact the POC in this message.
3a. Per ref (c), all Commanding Generals and Commanding Officers are responsible for cybersecurity practices of the systems and networks that operate under their purview. This includes ensuring the Marines, and Sailors of their unit use KILSWITCH and APASS in accordance with the applicable Authority to Operate (ATO) signed by the Authorizing Official of the Marine Corps on behalf of the Deputy Department of Navy Chief Information Officer (Marine Corps). Use of KILSWITCH and APASS in a manner that is inconsistent with refs (d) and (e) is not authorized, could present a significant vulnerability in compromising Marine Corps data, and may be a violation of Marine Corps Orders and/or the Uniformed Code of Military Justice.
3b. Commanding Generals and Commanding Officers should ensure, through their Inforamtion Systems Security Manager (ISSM), that use of KILSWITCH and APASS within their unit and subordinate units is IAW refs (d) and (e). This includes the requirement to notify any mission partners, to include foreign military, that are operating with or under their command of the appropriate implementation of this system to mitigate potential cybersecurity vulnerabilities.
4. Release authorized by Col L. M. Mahlock, Director, Command, Control, Communications, and Computers (C4) Department/Deputy Department of the Navy Chief Information Officer (Marine Corps).//