CyberWire Daily - Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2)
Episode Date: September 22, 2024In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national ...security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Your organization could be at risk due to common password sharing practices.
Imagine this scenario.
You're out of the office.
Colleague pings you because they need access to some system that only you have credentials for.
Now, of course, our listeners would never send a password over email or Slack.
We know that.
But what about your coworkers?
How many organizations out there are sending logins back and forth in plain text?
Worse yet, how many just store all of their logins on a shared spreadsheet?
Now, we all know human errors are the biggest threat to your organization's security.
But did you know that it accounts for
over 68% of all data breaches? What you need is a platform that allows you to share credentials in
a secure fashion, set access permissions or time controls, and monitor the dark web for stolen
logins. Keeper Security Government Cloud is a zero-knowledge solution that does just that.
Plus, it is FedRAMP and StateRAMP authorized.
Want to see Keeper in action?
Schedule a demo or request a trial today by visiting keeper.io.gov.
That's keeper.io.gov.
And thank you to Keeper Security for sponsoring this episode.
And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs,
yet breaches continue to rise by an 18% year-over-year increase
in ransomware attacks
and a $75 million record payout in 2024.
These traditional security tools
expand your attack surface
with public-facing IPs
that are exploited by bad actors
more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers
by hiding your attack surface,
making apps and IPs invisible,
eliminating lateral movement,
connecting users only to specific apps,
not the entire network,
continuously verifying every request
based on identity and context,
simplifying security management with AI-powered
automation, and detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com security. a lot and I truly mean it. We have world-class people, world-class organizations designed for
a world that no longer exists. It's a big idea. If we would understand the world we're living in
and get out of our skiffs or buildings or wherever we are and spend some time outside, first of all,
leadership's head would explode going, what? I mean, mine does. Every time I find out, wait a minute, I could buy an iPhone crack
or an Android crack for here, and we were spending, you know, N dollars inside of a building trying to
solve X or Y. Well, why don't I just have a note? And we kind of do.
Welcome to part one of our two-part special edition series with Steve Blank,
adjunct professor at Stanford University and co-founder of the Gordian Knot Center
for National Security Innovation. Now, Steve Blank is a well-known entrepreneur,
educator, and author. He's the pioneer of the lean startup movement and creator of the Hacking
for Defense program.
Now, I wanted to bring Steve on to the podcast to talk about technology innovation and technology adoption to support national security.
I specifically wanted his insights about how the Department of Defense has both effectively
and ineffectively implemented technology adoption processes that might provide lessons learned to the cybersecurity industry.
Here is part one of the two-part series with Steve Blank.
I'm joined today by Steve Blank, adjunct professor at Stanford University and co-founder of the Gordian Knot Center for National Security Innovation at Stanford University.
Steve, thank you so much for joining us today.
Thanks for having me.
So I want to start at a high level.
You are a well-known expert and entrepreneur.
at a high level. You are a well-known expert and entrepreneur. You've written numerous books and articles on national security innovation. This is what you spend, it seems to be, the majority of
your life and work doing. Can you give us a sense, where are we today? What is the state of play
in national security technology innovation? Well, I would separate out the two. What's the state of innovation and what's the state of national security, maybe adoption of innovation? Well, but, you know, I would separate out the two. What's the
state of, you know, innovation and what's the state of national security, maybe adoption of
innovation. And you have to put that in the context of, and what's the state of our adversaries and
vis-a-vis the United States and national security innovation. I just want to remind your listeners
something which might be obvious, but people inside the national security space are still having a hard time getting their heads around. It used to be that the U.S. owned
all the technologies necessary to deter or win a war, right? Whether they were drones or cyber
autonomy or AI or ML or, you know, semiconductors, et cetera, we owned it. Our primes owned it,
our contractors owned it, our weapons labs owned it, you know,
University of Maryland or wherever else we went for cyber was the world's best at X or Y.
That's simply no longer true for most of these areas. We still own some exquisite capabilities,
whether they're hypersonics or nuclear weapons or exquisite sensors or capabilities or the ability
to throw hundreds or thousands
or tens of thousands of people on a program
and keep it black and whatever
and put stuff in space at scale.
But all the other core stuff we used to own
now is like you could buy half of it on Amazon
and the other half.
I mean, you know, we kind of predicted,
you know, with General Mattis,
the world would be now two plus three,
you know, Russia and China and then North Korea and Iran and still the non-nation states.
Who would have thought the Houthis would have been throwing?
And a legitimate threat, I mean, to bring up that non-state actor.
Right. Well, obviously, they're not making that stuff.
They're getting it from a regional disruptor, which is Iran.
Gee, that wasn't in the playbook, right?
So what do you do, bomb Iran?
Well, maybe, but right now we're throwing SM-3 interceptors of a couple million bucks at $20,000 drones.
Kind of insane.
The same thing, like, you know, again,
I forget the name of the book I just read,
but the fact that you could buy zero-day, you know,
breaks for a couple
million dollars are now, oh, when I get into the latest iPhone, you no longer need to go to Fort
Meade. It's an auction. Who would have thought that 10 or 20 years ago? I was like, what?
Yeah, there's a market for that, right?
There's a whole market, and you kind of go, well, maybe we could lay off a couple of divisions at
some of our agencies. Not that I'm suggesting that, but who would have thought that?
My point, again, is that this notion of everything was owned by our national security establishment.
And the point isn't that we've gotten stupid or whatever.
It's that a lot of this stuff has, A, become commoditized.
And here's the big idea, is that our systems and
organization, and more importantly, our acquisition organizations, there's an impedance mismatch
between how we buy, how we organize, who we hire, and how we deal with the outside world,
and the organizations we've built. And that still hasn't kind of gotten aligned. And what's worse is our adversaries have done that.
So, for example, both Russia and China understand that this is a whole-of-nation approach.
That is, their economies and their military are aligned and interconnected.
For us, you hear any agency say, well, the problem's money.
We have a, you know, it's a zero-sum game.
And you kind of, at least I look at them and I go, no, the problem is it's a lack of imagination of where to
get the money. You know, how come we're not figuring out how to engage the folks who are
already building this stuff or could be building this stuff with a set of incentives? And the
answer is, and I'll stop here for the next sentence. I say this a lot and I truly mean it.
We have world-class people, world-class organizations designed for a world that no longer exists.
It's a big idea.
If we would understand the world we're living in and get out of our skiffs or buildings or wherever we are and spend some time outside.
First of all, leadership's head would explode going,
what?
I mean, mine does.
Every time I find out, wait a minute,
I could buy an iPhone crack or an Android crack for here
and we were spending, you know,
N dollars inside of a building trying to solve X or Y.
Well, why don't I just have a note?
And we kind of do, but not, think about it.
Senior leadership grew up in a world 20 years ago,
right? And that world no longer looks anything like the world that it, and so you kind of get
stuck with the things you knew when you were kind of coming up the ranks. And when the world is
changing at such a rapid rate, the older you are, the harder it is for you to kind of adapt and
adopt. Not that it's impossible, but you need to understand that it's not just the rate of change,
but the delta rate of change is increasing.
Number of adversaries,
number of capabilities,
number of whatever.
You know, we could just focus on cyber,
but we could talk about
the national security space writ large
is incredibly complex today.
It looks nothing like it did
even 10 years ago.
Sure. And that context matters, right? Because when we talk about whether it's cybersecurity
or national security, the political context matters, the interstate competition matters.
So when I think about what you just said in my own context, right, I spent nearly 10 years
active duty in the Navy. The last three years of my life, I stepped outside of the building,
and I've been in the private sector. And what I've seen is from the outside, it looks like
the defense world is refocusing to great power competition. You see that in their strategies.
You see them kind of refocusing their efforts primarily to China. And it seems like a lot of
the technology that they are pushing for the development of is focused on that threat
from China. At least that's what the outsider in me is seeing. So I'm curious from your perspective,
what is the national security community getting wrong in terms of the nation state adversaries,
in terms of reorienting ourselves to the China threat and competition with nations like China?
to the China threat and competition with nations like China?
You know, I'm going to admit my bias, which, again, brings all kinds of baggage.
But my professional career was an entrepreneur at Silicon Valley, where you operated with incredible speed and urgency, because there was a virtual gun to your head back then of
running out of money before you could actually generate revenue.
And so you would build things now we call minimum viable products.
You'd ship them.
You'd get feedback, et cetera.
There was no notion of a JC DIS process or a POM process or two to three years to get something into a palm that then we had to argue with some staffer who says it's not in my
district and a congressman who has some political agenda. And again, that's the nature of the
business. But that's not how the world operated in the world that a lot of these innovations are
coming from. And that was fine when we were competing with another nation state like the
Soviet Union, that they had the equivalent bureaucratic stuff.
I mean, obviously, communism worked from state planning and then a whole nother.
But the clock speeds were essentially the same.
The problem is, is that China and if we just want to look at like why this next statement is not bullshit, look at the number of DDGs.
There are destroyers they're putting in the water, or their ship count in the last 10 to 15 years. They've figured out how to operate at a different
clock speed than we have. Period. End of discussion. And so the question is, is like,
you know, we could have lots of discussions of why we can't do that. But the other part that
just flabbergasts me is that we do have a part of the nation that still knows how to operate in that. And those are the innovation clusters. And when I say Silicon Valley, I don't
mean the physical place. I mean all the innovation clusters that know how to operate with speed and
urgency and could be delivering capabilities to the DOD and the rest of the national security
establishment. It's not that we don't do that as point things. So let me be clear. It's not that no one knows that it's here. But if you look at the list of what's called the MDAP, the Major
Defense Acquisition Programs, which is basically the top tier 100 or so things that we spend
billions or hundreds of billions of dollars on, there's not a single startup or scale up on it.
And in fact, that list hasn't changed in the last 10 or 20 years
since the consolidation of the primes.
Well, that's a symptom of, you know,
we basically do innovation theater
when we talk about adopting innovation at scale,
but we really don't do innovation deployment at scale.
And by deployment is, there are more demos of,
hey, look what we have, shiny object C, Admiral, you, Admiral X or Y, or we show it to Congressman Z.
And then you ask, well, how many ships is this on?
Well, it's on one.
Well, when does it get on the other 50?
Oh, that's not really budgeted, or it's budgeted for 2045.
Well, wait a minute.
Don't we have a 2027 problem with the Taiwan Strait?
Or, gee, aren't we learning lessons from Ukraine?
And so when are we deploying drone stacks, let alone drone swarms?
Well, we're working on it.
Well, wait a minute.
And again, I know Bill LaPlante didn't really mean this,
but when he says, you know, the war in Ukraine is really all about artillery and not about innovation.
Well, clearly, it's a hybrid war.
It looks like a combination of World War I, you know, with trench warfare,
you know, with World War III, with drone stacks and advanced technology
and literally a meat grinder like World War I.
And clearly, we need new factories for you know for artillery shells but but also the
amount of drones we attrit are probably as many as the number of shells we're attriting and i'm
saying that as a obviously not exactly but but you know so us buying you know a thousand drones a
year is kind of silly when they're attriting a thousand drones you know a month if not a week
at least yeah so there's an impedance mismatch between um and the reason why i think um you know, a month, if not a week, right? At least, yeah. So there's an impedance mismatch between,
and the reason why I think,
you know, I've been spending time in large organizations,
not only in the government,
but in commercial companies to understand
why is this so hard to deal with disruption?
Because in the commercial world, when that happens,
it's kind of Darwinian.
You know, it's the creative destruction metaphor is that
companies, when new entrants come in or new technology shifts or cultural shifts,
some adopt and adapt and others go out of business. And that's just fine. It's just fine.
It's the nature of commerce. But if that happens in defense, we lose a war, we miss a technology
shift, et cetera.
That's the rise and fall of great powers.
We can't afford to have that happen.
And so we really need to deeply understand why is it that senior leaders have such a hard time dealing with disruption?
And the answer is pretty simple.
Not the solution simple, but when you really go talk talk to senior, what's hard about making massive changes?
Well, if you make a massive change in a large service or a component of a service, what if you're wrong?
I mean, that was the argument about General Berger and Force Design 2030. It wasn't that he hesitated.
In fact, people argued whether it was the right shift for the Marines because he not only said we need to do X, but he also said we need to divest of a set of equipment.
And that just like panicked people, said, well, you'll no longer be able to do mission X or Y.
So number one is, is the disruption coming really a threat?
And number two is, what magnitude of the threat is?
What's the timing of the threat?
And then what should my response be?
That's the job of a senior leader, service chief, a secretary of defense, a head of an agency or
whatever. At the same time, you've got all these innovators on the bottom who are seeing the future
banging on the walls. But remember, between them and the senior leaders, it's a whole set of frozen
middle. And by frozen middle, I don't mean that as a pejorative.
That's another nature of large organizations.
Large organizations are built by people and process.
And you build process to have repeatable processes.
You build doctrine, you build operating concepts.
So there's not people randomly running around
doing their own thing.
We are focused on, this is the way we execute mission.
This is the way we deliver analytics or pointy things or kinetic things, et cetera.
But when change happens, that's hard to re-steer that middle because of two things.
And these two things are common to commercial and government companies. What is something called the Semmelweis effect, which named after a doctor in the 19th century
who noticed that women in his hospitals were dying in childbirth 20% of the time. Amazing.
And then he discovered that there was another hospital he was working in where there was only
1%. He said, well, what's the difference? It turned out the doctors and the 20% were doing autopsies in the morning
and delivering babies in the afternoon. And he said, there's something going on. This is before
germ theory. So he now had some evidence and you would think when he presented it to the doctors,
they would have said, oh, maybe we should not do that. And do the autopsies in the morning.
And of course, guess what?
They ignored the evidence.
They ignored the evidence for 30, 40 years.
And we see that a lot.
Not only do innovators come up with a shiny object,
but the best of them create examples
in actually operational execution.
They actually run a new concept
and get some evidence and put it in front.
And people go, that's great. Now let's go get back to work.
We'll be right back.
The White House Office of Management and Budget Deadline for federal agencies to adopt
some level of zero-trust architecture is this September 30th.
Federal agencies must move away from perimeter security architectures towards never-trust-always-verify.
Zero-trust does not grant automatic trust to any user, device, or system.
Every request for access must be authenticated, authorized, and continuously validated.
Keeper Security Government Cloud is FedRAMP and StateRAMP authorized and ensures that users have
complete knowledge, management, and control over credentials and encryption keys, all with a zero
trust security framework. Want to see how Keeper can help your organization achieve zero trust? Thank you. for sponsoring this episode. Thank you. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
I want to bring in and out just from my own experience in the military, in the structure, as an action officer.
One of those people at the bottom seeing the new technologies, new ideas, new ways of doing business.
We called this, that frozen middle, we called it the brick ceiling.
There we go.
We could talk to admirals all day and they would love our ideas.
admirals all day and they would love our ideas. But the moment it got up to the commander or captain level, it would seem to kind of fizzle and die on the vine. And so that was my own
experience kind of seeing what you're talking about is very real. And it's not because they
don't want to innovate. It's because they have other responsibilities, requirements, and jobs
that they have to get done. And I'll give you a way to solve this or at least a possible way in a second but but there's a couple other obstacles
and again comment to commercial and when it what as i mentioned is the semiboss effect is
unconscious is what human beings tend to do it's not like there's malice involved or stupidity
even though it looks like malice and stupidity, it's really not. But the second part is conscious and it has a little malice and that's hubris. Gee, I'm a PEO,
I manage a billion dollar project, screw you guys, I'm important. And it's all about my budget,
my headcount, whatever. And anything you do that threatens that, like I'm going to actively
sabotage that. So that's another problem. The third problem, which is unique to the military,
is even if you have a senior leader who gets it, who's in charge, they have a two to three year
life cycle. That does not exist in the commercial world. In fact, the only example which over their
dead body for the Navy will ever happen again was when Rick Over created the nuclear Navy,
right? He basically had a congressional support base that made him invulnerable.
And boy, that was never going to happen again, yet at the same time. So, and by the way,
unique to the government is the fact that Congress is coin-operated. And what I mean by that is,
you know, if you're a prime contractor, you're smart. You put jobs in every district, you know,
your campaign contributions, if you're on the contractor, you're smart. You put jobs in every district. Your campaign contributions,
if you're on the House Armed Services Committee
or the House Armed Appropriations Committee,
those are your biggest donors.
And so when someone says,
perhaps we ought to delay or cancel one carrier
to buy 20,000 drones, guess what's not going to happen?
Or decommission five cruisers in the next couple
of years. And then Newport News says no. Yeah. I'm not picking on the Navy. Pick, you know,
whatever weapon system we're talking about. And rightly so, that is the nature of our system.
And if we don't understand how that works. And so let me give you just an alternate universe. The problem is that if you go
to the Pentagon and say, are we in a crisis? People would go, maybe, but well, how long does
the paperwork take to go from one side of the building to the other? Is it any different than
it was like three years ago? And the answer is probably not in most cases.
I mean, obviously we have some programs
that have been accelerated,
but then you go out to the combatant commands,
go ask Indo Paycom or CENTCOM,
are we in a crisis?
Their hair is on fire.
CENTCOM is shooting down drones on a daily basis.
And Indo Paycom is counting the number of DF-21s
and range of F-18s versus like how far they got to pull the carriers back. And
I mean, it's just a math problem. They're going like, what are you talking about?
Well, here's the problem. We've not said either from the president or the secretary of defense,
we're in a crisis. Whatever we were doing last year, we can't keep doing. And we've not
communicated that to Congress is we appreciate all
the jobs and whatever but the country is risk is at risk not only is the country at risk from china
or russia the country's at risk because the whole geopolitical chessboard has changed there's now we
have some of our actions have forced china and and russia and north korea and and Iran to operate as an axis of evil,
but coordinated in a way that like never existed before.
And so we need to change how we operate.
Yet to me, it comes back as if you're in a crisis, you don't appoint the same people you would have appointed
when it was a process-driven organization, right?
It's not that those people were bad,
but the same people who know how to play golf
are not the same people who are willing
to walk through walls to make stuff happen.
And the best maybe visible example
is people probably know about General Groves,
who along with Oppenheimer, built the Manhattan Project.
Well, do you know what happened to him after World War II?
Any idea?
I don't.
Eisenhower told him he was never going to get promoted again in his life
because he pissed off so many people in the army.
Literally, Grover never got promoted because this was the guy you needed in a crisis.
And this was the guy.
It's exactly what happened to Churchill, right?
He was voted out of office when the war was almost over.
Why? Because he was perfect for a right? He was voted out of office when the war was almost over. Why?
Because he was perfect for a crisis.
He was a crazy person.
The analogy here is that there are a lot of great,
and again, crazy people are the wrong answer,
but a lot of innovators who will operate
with speed and urgency,
who need to be promoted
or at least be allowed to operate as the number ones or twos in a crisis
who you would never want to operate in peacetime because they break glass, they piss off people,
they like, you know, stomp whatever. They steamroll. Steamroll, etc., which again is completely
unacceptable in peacetime. And if we don't understand that distinction between,
you know, operating in a crisis versus operating in peacetime, we keep promoting peacetime,
you know, people and organizations and everything is calm. But on the other hand,
incumbents have figured out how to sabotage and weaponize organizations to delay or stop
innovation. So, for example, in the DOD, the primes have figured out how to weaponize organizations to delay or stop innovation. So, for example, in the DoD,
the primes have figured out how to weaponize the IG's office.
You know, there's no way that the head of DIU
should have been investigated
and the day he resigned got cleared,
or there's no way the IG office
should be investigating replicator
versus pick your favorite prime.
You know, we could...
So we've just figured out how those things have been captured to sabotage
and delay for making the status quo continue.
Well, I want to ask because this issue of allowing
and encouraging and internalizing good disruption,
and encouraging and internalizing good disruption.
This is not just a problem faced by DOD, right?
Private companies face this too.
This is why we have something called the innovator's dilemma.
And so I'm curious, your perspective structurally,
where these two worlds collide, I see, is the primes that you were just discussing,
the prime contractors and their interaction with the government. So, where do the primes,
what's their role in helping to drive innovation? I mean, they really have no incentive to do so, do they? Well, not yet. So, let me break this down inside of the DoD and companies and then bring in the primes as well.
So if you think about it, that in peacetime and wartime or in civilian companies, we need repeatable and scalable processes.
And in the Army, we call it doctrine.
We have other services, operating concepts, et cetera.
They need to be written down people
trained etc and we need very little deviation of that because we need operational excellence
right and whatever our doctrine is and you know for fires or intelligence or or sustainment or
whatever and those processes need to be fail safe that is lives are dependent on us following this stuff. But at the same time,
we're not going to get any innovation unless we have separate organizations that deal with
disruption. So think about not only the operating part, but also the development part. If you're
developing a new gun or tank or whatever, people have built guns and tanks before.
The Bradley fighting vehicle.
There are fighter planes. I won't go into the F-35. But I mean, we should know how to do that.
So here's the point. What goes in should come out, right? That is, there should be a one-to-one
correspondence. If I've written a requirement and it should be on schedule and whatever,
what goes in should come out. There should be very little failures
if I'm managing those processes well.
And by the way, that's innovation.
That is, you know, a next generation radar
or moving Aegis from one platform to another.
Yes, there are, but in fact,
that's innovation around our core known standard systems
or platforms.
But there's a whole other set of innovation
that does not belong in those processes,
and those are disruptive innovation.
And I'll give you an example.
You know, using unmanned vehicles,
whether they're ships or aircraft or ISR
or mine clearing or mine laying or, you know,
take your pick of, or using cyber or using EW
in a way that's never been used before.
Well, those are actually disruptive things that create new operating concepts.
But most of the things you want to do with them are going to fail.
And so you need a different process that's safe to fail
versus the ones that you're operating with, which should be fail safe.
That is, we need a parallel process that looks like a funnel rather than a pipeline,
that where failure is not considered, oh, you failed, there's a congressional.
That is, it's not an F-35 or a Ford-class carrier.
It's a set of experiments that said, no, what will come out of that funnel
is a set of tested things that have been iterated, tested, we figured out what the best was,
and then we could actually feed them into the mainstream.
Let me give you the world's best example of that.
Yeah, please.
And it's in the commercial world.
It's called SpaceX.
And if you really think what SpaceX is doing, it's this.
They have execution and they have innovation going on simultaneously.
By the way, when you do both, both execution that is sustaining innovation, disruptive,
that's called an ambidextrous organization. That's a $20 word for being able to chew gum and walk at
the same time, right? I don't know anyone who can do that. Right. No, chew gum and walk at the same
time. And what I mean by SpaceX
is, think about this.
They're launching Falcon 9s
every two and a half days
from three launch pads.
Operational excellence.
No deviation
from like the checklist
because there are human beings
every once in a while
on top of those.
And they're launching Starlinks
and they had in, what,
300 or 200
before they had a failure
in the second stage.
I mean, just an incredible track.
But at the same time in Texas, they have crazy people. They're building the next generation
called Starship. And Elon's model was, if you're not blowing things up, you're not innovating.
And more importantly, if you're not blowing them up on a regular basis, you're not innovating fast
enough. They've now been through three generations of Raptor engines. Now, everybody
understands in that company that today's paycheck is Falcon 9, but tomorrow's paycheck is going to
be that Starship. And no one is jealous of each other because everybody understands execution
pays your salary, but innovation pays your pension. And more importantly, those two groups
are not standalone silos.
They're talking to each other.
The Falcon 9 people are reminding the Starship people,
man, did we screw up where we put the ground service equipment plugs?
You know, when you build the next one, make sure their access panels are over here.
And even though I said the Falcon 9 can't change much because it's operational excellence,
the Starship people are reminding them, you know, you can crank up that chamber pressure by another like 100 pounds and you'll
and and people like haven't paid attention but the payload capacity of falcon 9 has actually
gone up a couple thousand pounds it's because they've been making these small little tweaks
that have been tested elsewhere so imagine that so. So the DoD has components of this. You know,
we got R&D labs, we got whatever. I was going to say, don't we have DIU and Ensign and NavalX,
AFWERK, all this innovation ecosystem? And more importantly, we have all these software
R&D labs in every service. We have FFRDCs. But the clock speed and culture, and more importantly,
the output for deployment
are not connected.
And they're not connected to match the threats.
It's again, not that we have dumb people or we're not doing pieces of this, but then you
have to step back and say, great, given what's going on in the external world for innovation,
what's going on in our labs, you know, and we'll talk about DIU in a second, you know,
so how much of this
stuff is being deployed? And then they'll say, look at this great demo. And you go, no, no, no.
How much is this on? Is this like, is there any billion dollar contracts for any of this stuff?
Oh, look at this, you know, whatever. And so we haven't yet connected this into an end-to-end
innovation pipeline whose clock speed matches the threats of our adversaries.
That's the big point.
We built these systems and components, DIU I'll get to in a second, to match 20th century threats or non-nation state threats, which operated fine.
But there's just a huge impedance mismatch between this and the outcomes we need.
And it's not unfixable.
It just requires somebody stepping all the way back and going,
wait a minute, I got 3 million people here.
I got a budget approaching gosh knows how many hundreds of billions of dollars.
Why am I not getting what I want on the other end?
And why are our adversaries running in some areas, not many, but enough that matter, rings around us and the ability to field things.
DIU, my opinion, just my opinion, in the last year or two under Cath Hicks and Doug Beck
is basically a slap in the face to the services that says, well, since you can't deploy this
stuff and acquire it at speed, remember the services are
the ones who are responsible for, you know, coming up with weapon systems needs, and it's the
combatant commands who get them. Well, replicator is basically a way to say, well, so you haven't
come up with what we need in the South China Sea, we're going to do it. Well, that's a little insane,
but if you step back and then the rider programs out of Heidi Hsu and R&E, which Congress doesn't understand.
Again, we've done a bad job of publicly educating those folks, you know, are another attempt to kind of do this.
And again, it's happened in the past where OSD is kind of, it's what Bill Perry did to kind of get the offset strategy,
basically ignore the services and started building the things we needed.
All right, that is it for part one of our two-part series with Steve Blank.
There was just way too much great content there with Steve to shove it all into a single episode. So please stay tuned. Later this week, we will be releasing part two. Thank you. into the Department of Defense, including cybersecurity technologies and unique ways of getting the critical capital needed for defense technology innovation to cross the chasm.
We talk about SpaceX. We talk about the mismatch in venture capital. It's a really great episode.
And that's our show brought to you by N2K CyberWire. Now, we would love to know what you
think about this podcast. So your feedback really ensures we deliver the insights that keep you a step ahead in a rapidly changing world of cybersecurity.
So if you like the show, please share a rating and review in your podcast app.
It really does help others find the show.
And also, please send an email to CyberWire at N2K.com with anything that you'd like to hear on the podcast. Thank you. Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Iben. Simone Petrella is our president. Peter Kilpie is our
publisher. And I'm Brandon Karp, executive editor of N2K Cyber Wire. Thanks for listening. How are you managing your organization's passwords and secrets?
How can you enforce the security of all the passwords within your enterprise?
Earlier, we talked about Keeper Security,
but did you know that Keeper is much more
than just a password manager?
Keeper Security is a FedRAMP-authorized,
zero-trust cybersecurity platform
that seamlessly integrates enterprise password management,
secrets management, and secure remote connections
into one intuitive platform.
Trusted by federal agencies, including the Departments of Justice and Energy, Thank you. To schedule a demo or request a trial, visit keeper.io.gov.
That's keeper.io.gov.
And our thanks once more to Keeper Security for making this episode possible.