The Army’s most ambitious battlefield communications project in decades was recently flagged for serious cybersecurity problems—problems so critical that internal documents said the system could let adversaries gain undetectable access. But Army leaders insist those issues were caught early and fixed fast, keeping the program on track for future fielding.
So what exactly happened, and what does it mean for the force?
What is NGC2?
The Next Generation Command and Control (NGC2) system is the Army’s top modernization priority. In plain terms, it’s a digital brain that connects soldiers, commanders, sensors, drones, vehicles, and data—all in one place. Think of it as a tactical iPhone for the battlefield: a system that replaces aging networks and processes with faster, smarter, more flexible tools to command troops and strike targets.
Instead of passing info through a slow chain of radio calls and staff sections, NGC2 uses apps and software to share real-time information instantly across the battlefield. The goal: cut delays, speed up decision-making, and outmaneuver the enemy before they can react.
The system is still in the early prototype stage, but it’s expected to be a game-changer in the way the Army fights in future conflicts.
A “Very High Risk” Warning
On September 5, the Army’s Chief Technology Officer, Gabriele Chiulli, authored a blunt internal memo obtained by Breaking Defense that warned: the NGC2 prototype had “critical deficiencies” in basic cybersecurity protections.
The memo described the system as a “black box,” with:
- No role-based access controls — any user could see everything, including sensitive data.
- No audit trails — the Army couldn’t tell who was accessing or doing what.
- Known software vulnerabilities — including third-party apps with hundreds of issues.
- No clear owner for security oversight — meaning no one was formally responsible for locking it down.
“Given the current security posture of the platform and the hosted 3rd party applications, the likelihood of an adversary gaining persistent undetectable access to the platform requires the system to be treated as very high risk,” Chiulli wrote in the memo.
That’s not a warning anyone in uniform wants to hear about a mission-critical system designed to control everything from fires to logistics to recon drones.
Army: Issues Were Fixed Before Testing
Army officials quickly responded after the memo surfaced. In a statement to Breaking Defense, Army Chief Information Officer Leonel Garciga said:
“The issues were mitigated immediately.”
He credited the service’s “streamlined cybersecurity processes” with identifying and resolving the vulnerabilities before field use.
In a Sept. 25 phone interview with Breaking Defense, Lt. Gen. Jeth Rey, who leads the Army’s G-6 (networks and cyber), said:
“We have to bake in cybersecurity early in the process, and I think this is what we did. This is a new capability coming in, and we found a risk and we mitigated it right out the gate. I think it’s a good news story for us going forward.”
Garciga also told Reuters in an Oct. 3 interview that many of the security issues were addressed “within a matter of weeks and days,” with only one application still undergoing fixes.
What Vendors Said
Anduril, which leads the NGC2 prototype contract, and Palantir, a major third-party software vendor, both defended their platforms.
In an emailed statement to Reuters, Anduril said:
“The recent report reflects an outdated snapshot, not the current state of the program.”
Shannon Prior, Anduril’s VP of Communications, added in a statement to Seeking Alpha:
“The program was awarded an Authority to Operate with conditions—formal recognition that those issues have been resolved while also outlining requirements that will guide ongoing work.”
Palantir stated in an email to Seeking Alpha:
“No vulnerabilities were found in the Palantir platform.”
They added that their system is authorized at Impact Level 5 and 6, indicating a high level of information assurance, and that their software “provides the Army with visibility to rapidly conduct comprehensive security assessments across the NGC2 ecosystem.”
What Ivy Sting 1 Proved
During the Ivy Sting 1 event at Fort Carson on Sept. 15, the 4th Infantry Division used a beta version of NGC2’s Artillery Execution Suite (AXS) to conduct live-fire testing with M777 howitzers.
In an Oct. 2 article from Breaking Defense, Maj. Gen. Patrick Ellis, 4th ID’s commander, described the moment soldiers fired artillery using the AXS tool:
“That’s the beginning of a new era for the Army.”
Commanders reported that the AXS system dramatically shortened the time from target identification to fire mission, in some cases bringing the system online before gun crews had finished digging in their howitzers.
Col. Charlie Brown, the division’s artillery commander, told Breaking Defense that the current legacy system, AFATDS, had served well in a static COIN environment but wouldn’t cut it for the next fight:
“We don’t think AFATDS can get there. AXS is being introduced to help accelerate that kill chain.”
Officials said that one of the key benefits of NGC2 will be allowing artillery batteries to operate farther apart with greater speed and mobility—something critical in modern high-threat environments like Ukraine.
Why It Matters for the Warfighter
The bottom line is this: speed wins fights. NGC2 is designed to accelerate how fast data moves across the battlefield—whether it’s calling for fire, tracking logistics, or passing intel. But that speed can’t come at the cost of mission security.
The vulnerabilities described in the Army’s memo could have led to serious compromise. The fact that the Army caught and addressed them early means the system can continue evolving without putting units at risk.
This wasn’t a program failure—it was a validation that the development process is working. The Army found issues, forced corrections, and kept marching forward.
NGC2 is designed to replace outdated, slow systems with a unified, software-based network for real-time battlefield operations.
The Army CTO memo revealed serious cyber flaws in early prototypes—but those flaws were allegedly mitigated before field use.
Live-fire testing at Ivy Sting 1 showed promising results, especially with the AXS tool speeding up howitzer strikes.
Vendors and Army leaders agree: the system is improving rapidly, but must continue balancing innovation with security as it scales.
© 2025 The Salty Soldier. All rights reserved.
Reproduction without written consent is strictly prohibited.
