Signage for Palantir is seen during the Association of the United States Army annual meeting and exposition at the Walter E. Washington Convention Center in Washington on Oct. 14, 2024.
Nathan Howard | Reuters
The much-needed modernization of the U.S. Army’s battlefield communications network being undertaken by Anduril, Palantir and others is rife with “fundamental security” issues and vulnerabilities, and should be treated as a “very high risk,” according to a recent internal Army memo.
The two Silicon Valley firms, led by allies of U.S. President Donald Trump, have gained access to the Pentagon’s lucrative flow of contracts on the promise of quickly providing cheaper and more sophisticated weapons than the Pentagon’s longstanding arms suppliers.
But the September memo from the Army’s chief technology officer about the NGC2 platform, which connects soldiers, sensors, vehicles and commanders with real-time data, paints a bleak picture of the initial product.
“We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure,” the memo says.
Palantir and Anduril did not comment for this story.
The assessment, seen by Reuters and first reported by Breaking Defense, comes just months after defense drone and software maker Anduril was awarded $100 million to create a prototype of NGC2 with partners including Palantir, Microsoft and several smaller contractors.
The Army should treat the NGC2 prototype version as “very high risk” due to the “chance of an adversary gaining persistent undetectable entry,” wrote Gabrielle Chiulli, the Army chief technology officer authorizing official.
Despite the early September memo’s scathing critique, Leonel Garciga, Army chief information officer and Chiulli’s supervisor, said in a statement to Reuters that the report was part of a process that helped in “triaging cybersecurity vulnerabilities” and mitigating them.
In March, the 4th Infantry Division used the system in live-fire artillery training at Fort Carson, Colorado, in an exercise Anduril described as demonstrating faster and more reliable performance than legacy systems.
The Army memo identifies some major security gaps.
The report says the system allows any authorized user to access all applications and data regardless of their clearance level or operational need. As a result, “Any person can doubtlessly access and misuse delicate” classified information, the memo states, with no logging to track their actions.
Other deficiencies highlighted in the memo include the hosting of third-party applications that have not undergone Army security assessments. One application revealed 25 high-severity code vulnerabilities. Three more applications under review each contain over 200 vulnerabilities requiring assessment, according to the document.