Reiteration of the Appropriate Use of the Kinetic Integrated Low-Cost Software Integrated Tactical Combat Handheld (KILSWITCH) Application and the Associated Android Precision Assault Strike Suite (APASS)
This MARADMIN reiterates the authorized use policy for the KILSWITCH and APASS applications following a Naval Inspector General investigation into whistleblower allegations regarding software security vulnerabilities. Commanding Generals and Commanding Officers must ensure their units use these systems only in accordance with approved Authority to Operate (ATO) documentation, as unauthorized use could compromise Marine Corps data and violate orders or the UCMJ.
Issued: June 21, 2018
1. Purpose. The purpose of this MARADMIN is to re-iterate the policy on the authorized use of KILSWITCH and APASS in the Marine Corps and address the recommendations from the NAVINSGEN investigation into software security vulnerabilities.<br> 2. Background. Per ref (a), in June of 2017, the U.S. Office ofSpecial Counsel (OSC) referred a whistleblower disclosure to SECNAV via SECDEF regarding potential security vulnerabilities in KILSWITCH and APASS. Per ref (b) the Naval Inspector General (NAVINSGEN) conducted the investigation and provided recommendations to the Commandant of the Marine Corps (CMC) to address the substantiated allegations. The details of this report are not releaseable in this forum, for a copy of the report contact the POC in this message.<br> 3. Execution<br> 3a. Per ref (c), all Commanding Generals and Commanding Officers are responsible for cybersecurity practices of the systems and networks that operate under their purview. This includes ensuring the Marines, and Sailors of their unit use KILSWITCH and APASS in accordance with the applicable Authority to Operate (ATO) signed by the Authorizing Official of the Marine Corps on behalf of the Deputy Department of Navy Chief Information Officer (Marine Corps). Use of KILSWITCH and APASS in a manner that is inconsistent with refs (d) and (e) is not authorized, could present a significant vulnerability in compromising Marine Corps data, and may be a violation of Marine Corps Orders and/or the Uniformed Code of Military Justice.<br> 3b. Commanding Generals and Commanding Officers should ensure, through their Inforamtion Systems Security Manager (ISSM), that use of KILSWITCH and APASS within their unit and subordinate units is IAW refs (d) and (e). This includes the requirement to notify any mission partners, to include foreign military, that are operating with or under their command of the appropriate implementation of this system to mitigate potential cybersecurity vulnerabilities.<br> 4. Release authorized by Col L. M. Mahlock, Director, Command, Control, Communications, and Computers (C4) Department/Deputy Department of the Navy Chief Information Officer (Marine Corps).