US Army Tackles NGC2 Cybersecurity Risks, Excels in Ivy Sting Event
The US Army has successfully addressed several cybersecurity risks in its Next Generation Command and Control (NGC2) platform. The Army's efforts were evident in the recent Ivy Sting event on Sept. 15, where the Army performed well despite previous concerns.
The Army's journey with NGC2 has been marked by a series of sprint events, known as the Ivy Sting series. These events allow the Army to incrementally add capability to the system before the final Project Convergence Capstone 6. However, the path hasn't been smooth. An early iteration of NGC2 was found to have several cybersecurity risks. These included lack of access control, unverified codebase, critical gaps in governance, and lack of data governance, leading the Army to treat the system as very high risk.
The Army lacked visibility and controls to ensure the security and integrity of the NGC2 platform. This made it vulnerable to insider threats, external attacks, and data spillage. To mitigate these risks, the Army awarded nearly $100 million to Anduril and a team of vendors. They are developing a prototype of the NGC2 system, scaling it to the entire division level. Despite searches, no information was found about which company received a contract in July 2021 to develop the NGC2 prototype. The Army's efforts have shown progress, with the Army performing well in the Ivy Sting event after addressing these cybersecurity issues.
The US Army's commitment to enhancing the security of its NGC2 platform is evident. After identifying and mitigating several cybersecurity risks, the Army has shown significant improvement in its recent Ivy Sting event. The Army's ongoing efforts to scale the NGC2 system to the entire division level, along with the development of the prototype, indicate a proactive approach to ensuring the system's security and integrity.
