U.S. Military's $100M Management System Contained Critical Flaws. Any User Could See and Change Everything

NGC2 nearly drowned in its own vulnerabilities, but the Army rescued the project.

The U.S. Army has eliminated critical cybersecurity deficiencies in the prototype of its new NGC2 (Next Generation Command and Control) system. The project is considered a key element of the armed forces' digital transformation; however, initial tests revealed vulnerabilities that could have led to loss of data control and posed a threat to operations. The problems came to light shortly before the start of the large-scale Ivy Sting test series, aimed at scaling the system to the level of an entire division.
A document dated September 5 contained a stark assessment of the platform's state. It stated that NGC2 "in its current form demonstrates critical deficiencies in the area of basic security tools, procedures, and management," creating a risk of unauthorized access, data leaks, and even a threat to personnel. Kyulli noted the lack of sufficient oversight for the implementation of new features and indicated that development was progressing faster than the security oversight system.
After being leaked, the memo was circulated within the industry, but three weeks later, Army command announced that all risks had been mitigated. According to Army CIO Leonel Garcigi, enhanced cybersecurity processes allowed for the rapid discovery of problems, engagement of contractors, and implementation of corrective measures. He emphasized that this did not derail the program's schedule or impact the course of the tests.
The Cyber Command headquarters noted that identifying vulnerabilities at an early stage was part of the development strategy. According to a headquarters representative, this is precisely how the "security by default" approach should work: threats are identified in the prototype, eliminated immediately, and this allows the system to be hardened before deployment begins. The headquarters called the situation a positive example of how a project should evolve.
NGC2 is the Army's primary technological initiative, designed to replace legacy command networks with a software-defined architecture that provides unified data access and real-time unit management. It is being developed from a "clean slate," that is, from scratch and without reusing old solutions. In July, the Army allocated approximately $100 million to Anduril and a group of contractors to create a prototype for the 4th Infantry Division, which will be tested at the Project Convergence Capstone 6 event this summer. The system will become part of the large-scale digital transformation of the armed forces.
Kyulli's memo appeared ten days before the first Ivy Sting demonstration and listed a wide range of threats. These included a lack of access control segregation, unvetted and potentially vulnerable third-party application code, and weak system management and data flow control. The document asserted that the system operated with known, but unaddressed, vulnerabilities and lacked an assigned official responsible for operational security. It also noted that the platform resembled a "black box," where it was impossible to track which users were performing which actions within the network.
Particular attention was paid to the lack of a Role-Based Access Control (RBAC) mechanism, meaning any user who gained access could see and change all information. This contradicts the Zero Trust principles adopted by the Pentagon. It was also pointed out that the Palantir Federal Cloud service in use had not undergone assessment and lacked official authorization for operation, and that applications had not undergone basic vulnerability scanning.
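The two findings above (no role-based access control, and no way to tell which user did what) can be seen side by side in a small sketch. This is an added example, not code from the memo or from NGC2; the role names, data domains, users and the `Gateway` class are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed roles and permissions; not NGC2's real data model.
ROLE_PERMISSIONS = {
    "logistics_viewer": {("read", "logistics")},
    "fires_officer": {("read", "fires"), ("write", "fires")},
}

@dataclass
class Gateway:
    assignments: dict                      # user -> set of role names
    audit_log: list = field(default_factory=list)

    def flat_check(self, user, action, domain):
        """The reported failure mode: having an account is the only test,
        and nothing is recorded about the request."""
        return user in self.assignments

    def rbac_check(self, user, action, domain):
        """Deny by default and record every decision against a named user."""
        roles = self.assignments.get(user, set())
        granting = sorted(r for r in roles
                          if (action, domain) in ROLE_PERMISSIONS.get(r, set()))
        allowed = bool(granting)
        self.audit_log.append({"user": user, "action": action, "domain": domain,
                               "decision": "allow" if allowed else "deny",
                               "via": granting})
        return allowed

def overexposure(gw, requests):
    """Requests the flat model permits that the RBAC model refuses."""
    gaps = []
    for req in requests:
        strict = gw.rbac_check(*req)       # always evaluated, so always audited
        if gw.flat_check(*req) and not strict:
            gaps.append(req)
    return gaps

def demo():
    gw = Gateway({"alice": {"logistics_viewer"}, "bob": {"fires_officer"}})
    requests = [                           # constructed sample requests
        ("alice", "read", "logistics"),
        ("alice", "write", "fires"),
        ("bob", "write", "fires"),
        ("bob", "read", "maneuver"),
        ("mallory", "read", "fires"),      # no account at all
    ]
    return overexposure(gw, requests), gw.audit_log

if __name__ == "__main__":
    gaps, log = demo()
    print("allowed only by the flat model:", gaps)
    for entry in log:
        print(entry)
```

The audit entries carry the user, the action, and the role that granted it, which is the attribution the memo said was missing.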
Nevertheless, by mid-September, according to Garcigi, NGC2 successfully passed the first phase of Ivy Sting. The tests showed that the new cybersecurity procedure