The military is good at physical security. That's their mandate, after all. It seems logical to put them together.
However, they seem to suck at this aspect of it. There is no reason that an American vehicle (or weapons system) left in the hands of an Iraqi army battalion should ever be able to be commandeered by troops who switched allegiance to ISIL. There should be an American satellite link required for occasional checking-in, and the vehicle should be disabling itself if it's failing to check in, or if it's been added to the "captured vehicle list", or whatever. High-risk auto leasing operations are already doing something like this today, with a kind of inverted Lo-jack system.
And from a maintenance standpoint, this shouldn't be an issue. The machines already require sophisticated computer control to turn on and run. All it has to do is wipe out its program when the "blacklist" threshold is hit, whatever that may be. It's not like ISIL would be able to order a replacement aftermarket electronic control system for these from Alibaba. For that matter, the engines could include embedded charges (think exploding bolts) that would physically disable the machine on receipt of a suitably authenticated "hostile takeover" signal. Or they could simply continuously report their ID and coordinates, and a J-DAM could sort them out right quick.
Yes, I'd raise holy hell if my car's computer shut me down because the manufacturer added me to their blacklist. But this is like a commercial operation, where the assets don't belong to the drivers, they belong to the Army. And they never, ever belong to ISIL.
Until they get this right, why do we think they are going to get consumer car security right?