What’s Next in Nat-Sec Tech

For nearly a decade, AFCEA and INSA have jointly hosted a large conference in the nation’s capitaI, and the 2022 Intelligence & National Security Summit takes place on September 15/16 at DC’s Gaylord National Conference Center. I’m involved in both of these fine organizations and we’re very pleased with the line-up of speakers and participants, and with the post-pandemic full return to in-person activity for the Summit. With a little over two weeks to go before the event, we have over 1,100 attendees registered and 70+ exhibitors. Full agenda is here.

From the main keynote by Deputy Secretary of Defense Dr. Kathleen Hicks, through thoughtfully composed panels on a wide variety of topics, there are great opportunities to learn from experts and discuss with peers and colleagues across the spectrum of defense, homeland security, intelligence, and technology disciplines. I’m delighted to be moderating the panel on “Technology Futures for National Security,” with a dream-team of top leaders from DoD, the Intelligence Community, and the private sector.

It’s rare to have the Directors of both DARPA and IARPA on the same stage, the esteemed Stefanie Tompkins and Catherine Marsh, but we have them. Rounding out the panel is a private-sector leader who has earlier held one of those jobs and overseen the other; today Lisa Porter is co-founder of leading management, scientific, and technical consulting firm LogiQ Inc., and former president of Teledyne Scientific & Imaging, but she was earlier the founding director of IARPA, and more recently was Deputy Under Secretary of Defense for Research and Engineering overseeing DARPA and the rest of DoD’s $70+billion R&D efforts.

Should be an outstanding discussion. Feel free to suggest questions to me beforehand whether you’re attending or not; if you’re attending I might even ask them 😉 We have a lot to talk about; here’s the summary blurb:

Technology Futures: Who’s investing how much in what, and when might it pay off? These panelists define the answers to those questions. It has now become a truism that the IC and DoD confront a world where the U.S. no longer monopolizes science and technology advances – yet the government still has the obligation to fund and create breakthrough technologies for advantage in national security. Commercial R&D drives tech advance broadly, but new mission-advantageous breakthroughs will come largely from the nation’s two leading national-security innovation lighthouses, DARPA and IARPA. This session will hear from those who have been charged with leading the government’s efforts to provide innovative future technologies necessary for our security – and with incisive observations from the private-sector. We’ll look at current work on revolutionary opportunities for advantage, but beyond just a buzzword glance across the litany of investment areas (“AI,” “quantum,” “cybersecurity,” “metaverse”) there’ll be a focus on the system-of-systems challenges in bringing radical new capabilities to real operational life across the siloed halls of DoD and the IC.

Our morning-of-Day-Two panel is just one of the many great sessions, which include:

• Chinese Threats to U.S. Supply Chains
• Leading Change: A Look at the CIO, CDO, CTO, and CDAO Roles
• Public Data and IC Analysis: Improving Integration of Public-Private Capabilities
• Commercial Space-Based Intelligence for National Security
• Intelligence Priorities of the U.S. Military Services
• Russia/Ukraine Conflict: Implications for U.S. National Security
• Midterms 2022: Election Security
• Strategic Intelligence Challenges / IC Leaders Panel

We’ve lined up many leading government, industry, academic and media figures for the 2022 Summit, and I hope you are able to participate as well! More information at intelsummit.org.

My Telework Tool Tally

Today’s Tuesday, April 7, and I’ve been working from home almost entirely for some three-plus weeks now. (VMware CEO Pat Gelsinger began our company-wide work-from-home on March 14; and my advisory office inside a DoD agency went “strongly-encouraged remote work” not long after.) So far this week alone, on just Monday and Tuesday, I’ve had the following virtual meetings:

5 Zoom (Enterprise)
1 Zoom Government (CAC-enabled, FEDRAMP-cloud hosted)
1 Google Hangout
1 MS Teams
2 VMware Horizon virtualizing Skype for Business
1 Ubiety
1 GoToWebinar
1 WebEx
2 Phone conference calls (one coordinated/scheduled via Calendly)

I can live with any of them, though of course quality varies, including within the meeting. Users hunt for mute/unmute buttons and other controls, with no consistency across the platforms – it reminds me of the ancient days learning different bold and underline commands in WordStar and WordPerfect 🙂

Admittedly like most people my favorite feature is the Zoom virtual background; and while I haven’t gone to as much trouble as some of my friends in Palo Alto and elsewhere who have deployed home-office green-screens and photoshopped fancy memes, I’ve been having bipartisan fun switching between these two this week:

 

 

It’s worth noting, perhaps, that while several of my Zoom “enterprise” meetings and both of the conference calls were internal corporate ones, all the rest included government colleagues, i.e. officials at one or another U.S. government agency – typically with the Defense Department or Intelligence Community. In a few cases they were participating from inside their regular offices, but the majority of them were working from home.

And we got a lot done! But there will be social reverberations. To quote Shakespeare via Aldous Huxley, “O brave new world…”

 

Building the Next Great Virtual Machine

I have a great new job, allowing me to spend several weeks recently in the center of the universe, and I’m loving it. I’m going to spend even more time there from now on.

By that I mean Palo Alto, Silicon Valley’s capital and VMware HQ, where I am now Senior Director, National Technology Strategy, working primarily with the R&D team. But I can’t help putting that “Valley capital” term in a bit of historical context. Back in ancient times (late ’80s-early ’90s) when I worked for the Mayor of San Jose, S. J. City Hall was dealing with a bit of civic insecurity. Although San Jose’s population was already larger than San Francisco and now the tenth largest city in the country, our mayor (my boss Tom McEnery, the first government leader ever elected to the Silicon Valley Business Hall of Fame) believed that we needed to brand the city explicitly as “The Capital of Silicon Valley.” So that became a multi-million-dollar marketing campaign, and we punched the message home every chance we got.

Yet as the mayor’s policy adviser and speechwriter, I laughed each time I used the phrase. I had just moved to San Jose from Palo Alto, where I got a graduate degree at Stanford. Just twenty miles up Highway 101, Palo Alto had much better claim to being the center of the geographically hazy electronics domain. I knew the arguments we used in San Jose (see here for example). But I also had already met Bill Hewlett and Dave Packard in person in Palo Alto, and had walked many times on the sidewalk by the legendary garage at 367 Addison where HP was born in the late 1930s; and I had also seen a different historic marker four blocks from the garage, at the corner of Channing and Emerson, commemorating Palo Alto’s very first electronics startup – Federal Telegraph Company, founded in 1909.

Palo Alto itself has spawned thousands of startups for many many decades, and it never stopped. Fast forward to the turn of the millenium just 20 years ago, when Microsoft and Amazon were trying to shift attention to Seattle/Redmond, Palo Alto struck back and fostered yet another legendary Valley startup: VMware – now my new home. Here’s the origin context for VMware, from an official history of Stanford Research Park:

It can be said that one of the cornerstones of Silicon Valley was laid when Varian Associates broke ground as Stanford Research Park’s first company in 1951. The Stanford Industrial Park, as it was first called, was the brainchild of Stanford University’s Provost and Dean of Engineering, Frederick Terman, who saw the potential of a University-affiliated business park that focused on research and development and generated income for the University and community.

Dean Terman envisioned a new kind of collaboration, where Stanford University could join forces with industry and the City of Palo Alto to advance shared interests. He saw the Park’s potential to serve as a beacon for new, high-quality scientists and faculty, provide jobs for University graduates, and stimulate regional economic development.

In the 1950s, leaders within the City of Palo Alto and Stanford University forged a seminal partnership by creating Stanford Research Park, agreeing to annex SRP lands into the City of Palo Alto to generate significant tax revenues for the County, City, and Palo Alto Unified School District.

Throughout our history, an incredible number of breakthroughs have occurred in Stanford Research Park. Here, Varian developed the microwave tube, forming the basis for satellite technology and particle accelerators. Its spin-off, Varian Medical, developed radiation oncology treatments, medical devices and software for medical diagnostics. Steve Jobs founded NeXT Computer, breaking ground for the next generation of graphics and audio capabilities in personal computing. Hewlett-Packard developed electronic measuring instruments, leading to medical electronic equipment, instrumentation for chemical analysis, the mainframe computer, laser printers and hand-held calculators. At Xerox’s Palo Alto Research Center (PARC), innovations such as personal work stations, Ethernet cabling and the personal computer mouse were invented. Lockheed’s space and missile division developed critical components for the International Space Station. Mark Zuckerberg grew Facebook’s social networking platform from 20 million to 750 million people worldwide while its headquarters were in the Park.

Today, Tesla’s electric vehicle and battery prototypes are developed and assembled here in its headquarters. Our largest tenant, VMware, continues to create the virtualization hardware and software solutions they pioneered, leading the world in cloud computing. With over 150 companies in 10 million square feet and 140 buildings, Stanford Research Park maintains a world-class reputation.

source: Stanford Research Park, “About Us”

In the summer of 2017, I got an email from a former Microsoft research colleague and one of the most eminent leaders in American technology R&D, David Tennenhouse. David has held key leadership roles in dream positions over the past quarter-century – everyone has wanted him on their team. He was Chief Scientist at DARPA; a research professor at MIT; President of Amazon’s R&D arm A9; VP & Director of Research at Intel; a senior leader in Microsoft’s Advanced Strategy and Research division. Smart companies have wooed him in serial fashion. Now David is VMware Chief Research Officer building and leading a stellar team, and over several months into 2018 we had some great conversations about where VMware had been and was going, and what I could bring to that journey. I had a chance to speak with several of the dozens of Ph.D.s he has been hiring to flesh out a comprehensive R&D agenda. I excitedly joined recently and we’ve been off to the races.

For a 20-year-old startup, the company’s growing like gangbusters (the stock market obviously still loves it), and it ranks high every year on lists of Best Employers. But what really attracted me was the stress on R&D and innovation culture, driving an unbelievably ambitious vision. I had always been impressed by VMware’s early virtualization technology; at DIA we were pioneering federal customers fifteen years ago, and wound up using it as a foundation of what would become our private cloud infrastructure. But VMware scientists and research engineers took virtualization much further, with abstraction becoming almost addictively popular. After the server and the OS were virtualized, so was storage, and then networks, and then the data center itself. Now our research agenda is energetically broad, across the following areas:

In fact, any large complex orchestration of resources, hardware, and processes may actually be just the next big virtual machine. We intend to build it, with disruptively great software. In 2011, web pioneer and Netscape cofounder Marc Andreesen wrote a famous manifesto in the Wall Street Journal, “Why Software is Eating the World”:

“More and more major businesses and industries are being run on software and delivered as online services—from movies to agriculture to national defense. Many of the winners are Silicon Valley-style entrepreneurial technology companies that are invading and overturning established industry structures. Over the next 10 years, I expect many more industries to be disrupted by software, with new world-beating Silicon Valley companies doing the disruption in more cases than not.”

That’s why I smiled last month, just after joining VMware, when our CEO Pat Gelsinger rebuffed talk of him moving to Intel as that company’s new CTO. He began his career at Intel, was its first-ever CTO and the father of the fabled -486 processor. But today he’s virtualizing the world’s computational resources, and Pat tweeted his response to a CNBC anchor’s comments about the Intel CEO job: “I love being CEO of VMware and not going anywhere else. The future is software!”

I still intend to live in Virginia and work closely with DC government friends and colleagues on research, reflecting the Valley’s traditionally close working  partnership with the federal government. In fact, if you’re in a government position and are wondering “What’s going on inside VMware Research labs?” – drop me a line 🙂

Remembering Paul Kozemchak

It’s a sad, sad thing to lose a friend. To lose a good friend still in the prime of his life is tragic. Compounding it all, to lose a friend who has quietly been one of our nation’s most valuable national-security minds is just heartbreaking, on many, many levels.

That’s how I feel now that Paul Kozemchak, longtime senior leader at DARPA and one hell of a guy, has passed away.

The Washington Post ran a too-short obituary this week; I encourage you to read the full online tribute to Paul posted by his family, reflecting both his loving personality and his career’s breadth in service to the nation. I see from LinkedIn that one of his old endorsers there had simply written: “Paul knows more about the intelligence community that anyone else I know.” I could say the same thing, and I want to record a few personal thoughts and anecdotes.

Several months ago I began spending time advising a small DoD element, the Strategic Capabilities Office. I was excited about the work, in large part because of what SCO does, but also because it meant I’d be spending a lot of time at DARPA headquarters just outside Washington DC, where SCO has offices. If you like me grew up idolizing the future-inventing wizards of DARPA, you can imagine the thrill I had getting a DARPA badge, and logging in with a personal account on the actual ARPANET.

But that was only partly why I was stoked – it was mostly because I’d be able to see Paul Kozemchak frequently, or “PK” as everyone knew him. Paul has been working at DARPA for over a quarter of a century. I first met him over a decade ago while I was at DIA, and he was the well-established special advisor to the DARPA Director, and its liaison to the intelligence community. When I joined Microsoft’s Advanced Strategy and Research group in December 2007, I was delighted to invite senior government technologists to Redmond, for peek-behind-the-curtain visits to MSR labs and information-sharing on jointly-relevant research. Paul was the first person I invited, and that trip back to Redmond in the spring of 2008 was a blast. I got to know him better as a brilliantly incisive analyst, a laugh-a-minute wit, a bon vivant, an all-too-correct conspiracy theorist on world events, and most of all as a friend.

So, in September 2017 I drove to DARPA headquarters, to work in SCO’s offices on day one, and on the street outside as I searched for the parking entrance, whom did I see striding ebulliently along the sidewalk but PK. I pulled over, rolled my window down and hollered “Paul!” He hadn’t known I was coming, and was delighted. Thus began a weeks-long series of short snatches of conversation in the hallway or the lobby, each time PK saying “We’ve got to get together in the SCIF, big stuff.” We made tentative plans, canceled, remade, shifted…

Those short moments were all I was going to have. Paul was struck by a car as he was crossing that same street outside DARPA headquarters, on November 10. In the hospital, his family was with him a week later when he passed away. The memorial service is tomorrow.

I mentioned PK on this blog way back in 2008 (right). In the ten years since there’ve been dinners, lunches, a million emails urbane or profane, late-night phone calls, several more trips together to the west coast, drinks on Capitol Hill… Others had the same experience, knew him longer or better, worked on more projects with him; Paul was extraordinarily popular in the euphemistic “certain circles” of DC.

From 2011-2017 I had the pleasure of serving alongside Paul on Jim Clapper’s “Intelligence Community Strategic Studies Group,” the DNI in-house thinktank of outside advisors and former IC S&T folks now in industry. We carpooled to meetings sometimes. (Paul was a master at bumming rides to Metro, which stretched into front-door-of-DARPA delivery because he was always in the middle of a fascinating story.) The ICSSG performed classified studies on demand, as a kind of red-cell or alternative-analysis team, including one short effort I led to explore “The Future of Intelligence” – Paul was on my group for that, and every meeting was a richly rewarding seminar for me, learning from him.

I’ll leave for future tributes his career contributions, but they were quiet and many, as he began his career during what is now called “the Second Offset” and was a nudging promoter for the birth of the Third Offset. The context and sense of history he brought to any topic were hard to rival. PK had studied under – and then worked with – one of the Cold War’s leading theoreticians, the titan Albert Wohlstetter (“one of the great defense intellectuals of the 20th century” per a Boston Globe profile, which mentions Paul among his protégés). PK was a figure from that founding era of a half-century of strategic stability amid global chaos. It’s difficult even now to think of future IC strategy meetings with no Kozemchak present to perturb and disrupt the groupthink, typically with wit and panache…

I always thought he had the best job in DC, at the interchange of invention and intelligence. Here’s a jokey email exchange from last summer, when DARPA’s director position was open:

Paul has also been a longtime fixture in our AFCEA Intelligence Committee (I described that here), and since 2010 I’ve listened as he enlightened that elite body at its monthly meetings, typically sharing an unknown R&D advance (ours or theirs) with, “Here’s something this group should know.” It always was.

Paul was always an energetic partner in planning and executing AFCEA’s annual classified Spring Intelligence Symposium, and I remember – for example – many fun moments leading up to the 2015 symposium, when we planned to have Elon Musk as our featured keynote interview, which I was to conduct onstage. It was going to be our big finale on the final afternoon of the symposium, timed to hold the audience in their seats to the end. Paul helped me devise a series of penetrating questions designed to drive Elon into a discussion of the national-security implications of AI and autonomy; he had just been helping the Defense Science Board with a landmark study on the topic. Then came word from Musk’s team that he would have to leave early – could we shift the schedule an hour? Paul volunteered to swap his own session on “S&T for Anticipatory Intelligence” to the final slot – gambling that the sell-out crowd wouldn’t just up and leave after Elon departed the stage. As I introduced Paul after getting rid of Elon, I cracked to the audience, “And now what you’ve all been waiting for, Paul Kozemchak, the only man in DC big enough to have Elon Musk as an opening act.”

Here’s a photo from that session, with Paul (left) smiling as ever over his index cards, having posed an elegantly insightful question to IARPA Director Peter Highnam:

I’m sad I’ll never again hear Paul ask another question, pose another challenge, solve another puzzle, make another joke. And the irony of having joined him in the DARPA building only to lose his friendship so quickly makes me even sadder.

It has made me look up something I recalled from years ago reading Tip O’Neill’s autobiography. That legendary Speaker of the House, who popularized the line “All politics is local,” had early on memorized a poem, which he was fond of reciting in packed Boston pubs or meeting halls throughout his career. It’s about friendship and staying in touch with old friends. I’ll close with the poem, and the thought of seeing PK one last time.

Around The Corner 

by Charles Hanson Towne (1877-1949)

Around the corner I have a friend,
In this great city that has no end,
Yet the days go by and weeks rush on,
And before I know it, a year is gone.

And I never see my old friend’s face,
For life is a swift and terrible race,
He knows I like him just as well,
As in the days when I rang his bell.

And he rang mine but we were younger then,
And now we are busy, tired men.
Tired of playing a foolish game,
Tired of trying to make a name.

“Tomorrow” I say! “I will call on Jim
Just to show that I’m thinking of him,”
But tomorrow comes and tomorrow goes,
And distance between us grows and grows.

Around the corner, yet miles away,
“Here’s a telegram sir,” “Jim died today.”
And that’s what we get and deserve in the end.
Around the corner, a vanished friend.

#  #  #

 

 

 

 

When Public Meets Private in Intelligence

Today’s the anniversary of the 9/11 attacks on the American homeland, the sequence of events which wound up bringing me from Silicon Valley to Washington DC in 2002, and a stint working in the Intelligence Community. I notice today that no one asks me anymore, as they often did at first back then, why I was so intent on bridging the gap between DC and the Valley (broadly, not geographically, defined).

Today it surprises few when we do something unorthodox like invite Amazon and Blue Origin founder Jeff Bezos to appear inside an intelligence agency earlier this year, for a probing one-on-one at the AFCEA Spring Intelligence Symposium with several hundred IC professionals about the rapid changes in technology, views on public/private collaboration, and the impacts of AI and robotics on his business and theirs.

Onstage with Amazon/Blue Origin CEO Jeff Bezos, at the AFCEA 2017 Spring Intelligence Symposium

Onstage with Amazon/Blue Origin CEO Jeff Bezos, at the AFCEA 2017 Spring Intelligence Symposium

Onstage with Amazon/Blue Origin CEO Jeff Bezos, at the AFCEA 2017 Spring Intelligence Symposium

That rapid pace of change continues to accelerate, following its own Moore’s-Law-like curve, and daily one sees a blurring between how “intelligence” is performed in government uses and out among the public. To wit, check out this article from early August:

News Item: BuzzFeed News Trained A Computer To Search For Hidden Spy Planes. This Is What We Found … Surveillance aircraft often keep a low profile: The FBI, for example, registers its planes to fictitious companies to mask their true identity. So BuzzFeed News trained a computer to find them by letting a machine-learning algorithm sift for planes with flight patterns that resembled those operated by the FBI and the Department of Homeland Security… First we made a series of calculations to describe the flight characteristics of almost 20,000 planes in the four months of Flightradar24 data: their turning rates, speeds and altitudes flown, the areas of rectangles drawn around each flight path, and the flights’ durations. We also included information on the manufacturer and model of each aircraft, and the four-digit squawk codes emitted by the planes’ transponders. Then we turned to an algorithm called the “random forest,” training it to distinguish between the characteristics of two groups of planes: almost 100 previously identified FBI and DHS planes, and 500 randomly selected aircraft. The random forest algorithm makes its own decisions about which aspects of the data are most important. But not surprisingly, given that spy planes tend to fly in tight circles, it put most weight on the planes’ turning rates. We then used its model to assess all of the planes, calculating a probability that each aircraft was a match for those flown by the FBI and DHS… The algorithm was not infallible: Among other candidates, it flagged several skydiving operations that circled in a relatively small area, much like a typical surveillance aircraft. But as an initial screen for candidate spy planes, it proved very effective. In addition to aircraft operated by the US Marshals and the military contractor Acorn Growth Companies, covered in our previous stories, it highlighted a variety of planes flown by law enforcement, and by the military and its contractors. Some of these aircraft use technologies that challenge our assumptions about when and how we’re being watched, tracked, or listened to. It’s only by understanding when and how these technologies are used from the air that we’ll be able to debate the balance between effective law enforcement, national security, and individual privacy.”

It has become commonplace to observe the dwindling distinctions in use of so-called “intelligence capabilities” between longstanding government intelligence agencies and so-called private-sector companies, e.g. news outlets or social-media platforms.  For a tour-de-force expression and stirring point-of-view argument you will profit from reading John Lanchester’s new and epic book-review essay “You Are the Product” in the London Review of Books, in which he treats Google, Microsoft, Facebook and the like with a critical lens and concludes:

[E]ven more than it is in the advertising business, Facebook is in the surveillance business. Facebook, in fact, is the biggest surveillance-based enterprise in the history of mankind. It knows far, far more about you than the most intrusive government has ever known about its citizens. It’s amazing that people haven’t really understood this about the company….”

A short blog piece is not the place to examine fully this rich topic, but it is a good place to point out that I enjoy spending time helping all sides of this divide understand each other. By all sides, I mean government entities and officers (including intelligence and law enforcement), private-sector companies, and most importantly the public citizenry and customer base of those organizations. A great forum for doing that has been AFCEA, which this past week co-hosted with INSA the annual Intelligence and National Security Summit in DC. Along with helping oversee the agenda I had the opportunity to organize one of the panel sessions with my old friend (and former CIA Deputy Director of Intelligence) Carmen Medina.

w/ Carmen Medina (@milouness) in front row #Intelligence2017 great panel she & I organized on Intelligence in the Future Threat Environment pic.twitter.com/cFTukgPvCB

— Lewis Shepherd (@lewisshepherd) September 7, 2017

Our panel – very relevant to the above discussion – was on “The Role of Intelligence in the Future Threat Environment,” and our excellent participants addressed some gnarly problems. I tweeted many of the comments and observations (see my hashtagged feed here), and you can find more content and videos from all 15 sessions archived here.

Your suggestions on new approaches to these dialogues are welcome as always. As we commemorate the horrific surprise attacks of 9/11/2001, in a rapidly changing world where real-time surveillance is performed by more and more entities, governmental and commercial, it is increasingly important to engage in thoughtful – and sometimes urgent – discussion about who watches whom, and why.

 

 

 

 

Coming to DC, One-Day Delivery from Jeff Bezos

If you read this blog you care about government and technology. And whether you’re a technologist or not, you can see the tech forces shaping and sharpening the uses of digital capabilities in accomplishing the ends of government, whether that’s citizen-service delivery and local law enforcement, or global diplomacy and nation-state combat. I’ve worked on and written about them all – from intelligence to space to AI, or the quantification of Supreme Court humor, even “Punk Rock and Moore’s Law.”

Understanding and forecasting that radical pace of external change is difficult for government professionals, and they need help doing that. Let’s say you wanted to tap someone to offer insight. Who’d be on your dream list? At the top of my dream list – my absolute “if-only-I-could-ask” list – would be Jeff Bezos, founder of Amazon and Blue Origin.

So I’m going to sit down with Jeff Bezos on stage later this month, at the annual AFCEA Intelligence Symposium, for a conversation about areas where technology critically intersects with the nation’s response to enduring challenges and opportunities, such as artificial intelligence, digital innovation, the revolution in cloud computing, and commercial space operations. (I serve as national Vice Chairman of the Intelligence Committee at AFCEA, the 35,000-member Armed Forces Communications & Electronics Association.)

The 2017 Symposium features, as usual, a stellar line-up of top leaders in national security, with panels on Advanced Conventional Threats, the Contested Environment of Space, Terrorism, Cyber Threats from Nation-States and Non-State Entities, and Gray-Zone Conflicts/Hybrid Warfare (topic of last year’s Defense Science Board study on which I sat). All sessions feature senior thought-leaders from government and industry.

Jeff Bezos might be new in that particular mix, but you can understand why we invited him. He has been TIME Magazine’s Person of the Year (early in his career in 1999), Fortune Magazine’s Businessperson of the Year, topped the Forbes annual list of “World’s Greatest Leaders,” and our rationale for this conversation is his long track record of revolutionary contributions to international technological/economic advance, as well as to US national security. AWS is now of central importance to the public sector (including intelligence), and the broader contributions of Amazon and Blue Origin to the nation’s economic future and success are incalculable.

 

If you have a Top Secret/SI/TK clearance, you can attend the Symposium – register. [Update: sorry, 2017 Symposium = sold out]

There’s a longstanding meme that government should be “run like a business.” I typically don’t think in precisely those terms, having been on both sides and recognizing the significant differences in intent and stakeholders.

Panel on Defense Innovation and DIUx

I’ve been more interested in helping each sector understand the unique contributions of the other, and the complexities inherent in their relationship. (See for example my recent post on DoD Innovation and DIUx in Silicon Valley.)

But the “run government like a business” impetus is understandable here in the United States as a reflection of dissatisfaction with government performance in meeting its own goals, and the expectations of the citizens it serves. President Trump recently assigned Jared Kushner to lead a new White House Office of American Innovation, and Kushner told the Washington Post “We should have excellence in government. The government should be run like a great American company.” The Washington Post (coincidentally owned by, yes, Jeff Bezos) ran a piece exploring the history of that thinking, dating its surge in popularity to the early 1980s under President Reagan – a timeline borne out by running the phrase through Google’s Ngram Viewer (see chart).

The last time I invited a smart young billionaire to come speak to Intelligence Community leaders, it worked out pretty well for the audience (see “Burning Man and AI: What Elon Musk told me and the role of Art“). So I’m aiming even higher this year…

If you don’t have a Top Secret clearance, you can’t get into the Symposium, and won’t be able to hear Bezos firsthand on April 27. But here’s a substitute, nearly as good: this week Bezos published his annual Letter to Shareholders of Amazon. Most people in the business world know about his legendary 1997 “first annual letter to shareholders” in which he laid out an extraordinary long-term vision for his company. The 2017 version is also extraordinary, and I urge you to read it in full. My friend Jeff Jonas, former IBM Chief Scientist for Context Computing and now founder/Chief Scientist at Senzing, calls it “the most impressive annual letter to shareholders I’ve ever read; this line of thinking leads to greatness.”

– – – – –

For some parting eye-candy, here’s video from last week’s annual Space Symposium in Colorado Springs, where attendees got a first-hand look at the historic Blue Origin New Shepard rocket booster (first to land vertically after spaceflight, first to relaunch again, and now a five-time-reuse trophy), and an inside tour of the crew capsule with “the largest windows in space travel.”

 

 

Docere et Facere, To Teach and To Do

“Helping aspiring data scientists forge their own career paths, more universities are offering programs in data science or analytics.” – Wall Street Journal, March 13, 2017

George Bernard Shaw’s play Man and Superman provides the maxim, “He who can, does. He who cannot, teaches.” Most of us know this as “Those who can’t do, teach.” (And Woody Allen added a punch line in Annie Hall: “… and those who can’t teach, teach gym.”)

I’m determined both to do and to teach, because I enjoy each of them. When it comes to data and advanced analytics, something I’ve been using or abusing my entire career, I’m excited about expanding what I’m doing. So below I’m highlighting two cool opportunities I’m engaging in now…

 

Teaching Big Data Architectures and Analytics in the IC

I’ve just been asked by the government to teach again a popular graduate course I’ve been doing for several years, “Analytics: Big Data to Information.” It’s a unique course, taught on-site for professionals in the U.S. intelligence community, and accredited by George Mason University within GMU’s Volgenau Graduate School of Engineering. My course is the intro Big Data course for IC professionals earning a master’s or Ph.D. from GMU’s Department of Information Sciences and Technology, as part of the specialized Directorate for Intelligence Community Programs.

I enjoy teaching enormously, not having done it since grad school at Stanford a million years ago (ok, the ’80s). The students in the program are hard-working data scientists, technologists, analysts, and program managers from a variety of disciplines within the IC, and they bring their A-game to the classroom. I can’t share the full syllabus, but here’s a summary:

This course is taught as a graduate-level discussion/lecture seminar, with a Term Paper and end-of-term Presentation as assignments. Course provides an overview of Big Data and its use in commercial, scientific, governmental and other applications. Topics include technical and non-technical disciplines required to collect, process and use enormous amounts of data available from numerous sources. Lectures cover system acquisition, law and policy, and ethical issues. It includes discussions of technologies involved in collecting, mining, analyzing and using results, with emphasis on US Government environments.

I worry that mentioning this fall’s class now might gin up too much interest (last year I was told the waiting list had 30+ students who wanted to get in but couldn’t, and I don’t want to expand beyond a reasonable number), but when I agreed this week to offer the course again I immediately began thinking about the changes in the syllabus I may make. And I solicit your input in the comments below (or by email).

For the 2016 fall semester, I had to make many changes to keep up with technological advance, particularly in AI. I revamped and expanded the “Machine Learning Revolution” section, and beefed up the segments on algorithmic analytics and artificial intelligence, just to keep pace with advances in the commercial and academic research worlds. Several of the insights I used came from my onstage AI discussion with Elon Musk in 2015, and his subsequent support for the OpenAI initiative.

More importantly I provided my students (can’t really call them “kids” as they’re mid-career intelligence officials!) with tools and techniques for them to keep abreast of advances outside the walls of government – or those within the walls of non-U.S. government agencies overseas. So I’m going to have to do some work again this year, to keep the course au courant, and your insight is welcome.

But as noted at the beginning, I don’t want to just teach gym – I want to be athletic. So my second pursuit is news on the work front.

 

Joining an elite Mission Analytics practice

I’m announcing what I like to think of as the successful merger of two leading consultancies: my own solo gig and Deloitte Consulting. And I’m even happy Deloitte won the coin-toss to keep its name in our merger 🙂

For the past couple of years I have been a solo consultant and I’ve enjoyed working with some tremendous clients, including government leaders, established tech firms, and great young companies like SpaceX and LGS Innovations (which traces its lineage to the legendary Bell Labs).

But working solo has its limitations, chiefly in implementation of great ideas. Diagnosing a problem and giving advice to an organization’s leadership is one thing – pulling together a team of experts to execute a solution is entirely different. I missed the camaraderie of colleagues, and the “mass-behind-the-arrowhead” effect to force positive change.

When I left Microsoft, the first phone call I got was from an old intelligence colleague, Scott Large – the former Director of NRO who had recently joined Deloitte, the world’s leading consulting and professional services firm. Scott invited me over to talk. It took a couple of years for that conversation to culminate, but I decided recently to accept Deloitte’s irresistible offer to join its Mission Analytics practice, working with a new and really elite team of experts who understand advanced technologies, are developing new ones, and are committed to making a difference for government and the citizens it serves.

Our group is already working on some impressively disruptive solutions using massive-scale data, AI, and immersive VR/AR… it’s wild. And since I know pretty much all the companies working in these spaces, I decided to go with the broadest, deepest, and smartest team, with the opportunity for highest impact.

Who could turn down the chance to teach, and to do?

 

IoT Botnet Attacks – Judge for Yourself

Yesterday’s mass-IoT-botnet attack on core Internet services (Twitter, Netflix, etc. via DNS provider Dyn) is drawing a lot of attention, mainly because for the public at large it is an eye-opening education in the hidden Internet of Things connections between their beloved electronic devices and online services.

You can read elsewhere the as-yet-understood details of the attack (e.g. “Hacked Cameras, DVRs Powered Today’s Massive Internet Outage” by Brian Krebs). And you’ll be reading more and more warnings of how this particular attack is just the beginning (e.g. from my friend Alan Silberberg, “Mirai Botnet DDoS Just the Beginning of IoT Cybersecurity Breaches“).

But today, in the wake of the attack, a DC friend known for peering around corners asked for my opinion about the ultimate meaning of this approach, and whether this attack means “the game has changed.” Here’s my response:

Last year I was asked by Georgetown Law School to give a private briefing to the Federal Judicial Center’s annual convocation of 65 federal judges from jurisdictions across the United States. The overall FJC session addressed “National Security, Surveillance Technology and the Law,” and in part was prompted by the Edward Snowden and WikiLeaks events. Here’s an article about the conference, and you can view the full agenda here. As you can see from the agenda, I joined noted security expert Bruce Schneier in presenting on “Computer Architectures and Remote Access.” That’s a fairly technical topic, and so I asked an organizer ahead of time what the judges wanted to learn and why, and was told “They’re encountering a tidal wave of cases that involve claims against government warrants for access, and conversely claims involving botnet attacks and liability.” I then asked what level of technical proficiency I should assume in preparing my remarks, and was told, “Based on their own self-assessments, you should assume they’re newbies encountering computers for the very first time.”

After a good laugh, that was the approach I took, and with patience Bruce and I were able both to educate and to spark a great back-and-forth conversation among the nation’s judges about the intricacies of applying slowly evolving legal doctrines to rapidly evolving technical capabilities.

The answer to today’s question is Yes, the game has changed. The tidal wave is well upon us and won’t be technically turned back in large part. We can (over time) introduce tighter security into some elements of IoT devices and networks, but that won’t be easy and would hamper the ease and invisibility of IoT operations. I think eventually we’ll come to realize that the notion of “Internet Security” is going to be like “Law & Order” – a good aspiration, which in everyday practice is observed in the breaking.

We’ll develop more robust judicial and insurance remedies, to provide better penalization and risk-valuation avenues, for what will be an inevitably continuing onslaught of law-breaking.

Yet in that onslaught crimes will be better defined, somewhat better policed, definitely better prosecuted (our Judges will be better educated!), and perhaps most importantly victims will be better insured and compensated, as we learn to manage and survive each new wave of technological risk.

By the way, if you’d like to plunge into the reading list which those federal judges had assigned as their homework on surveillance technologies and national security law, click here or the image below to download the 5-page syllabus for the session, courtesy of Georgetown Law, with links to the full set of Technology Readings and Legal Readings, across fields like Interception and Location Tracking, Digital Forensics, Metadata and Social Network Analytics, Cloud Computing and Global Communications…. It’s a very rich and rewarding collection, guaranteed to make you feel as smart as a federal judge 🙂

Video of DoD Innovation Discussion at Cybersecurity Summit

Earlier this week I wrote (“Beware the Double Cyber Gap“) about an upcoming Cybersecurity Summit, arranged by AFCEA-DC, for which I would be a panelist on innovation and emerging technologies for defense.

The Summit was a big success, and in particular I was impressed with the level and quality of interaction between the government participants and their private-sector counterparts, both on stage and off. Most of the sessions were filmed, and are now available at http://www.cybersecuritytv.net.

You can watch our panel’s video, “Partnering with Industry for Innovation,” and it will provide an up-to-the-moment view of how US Cyber Command and the Department of Defense as a whole are attacking the innovation challenge, featuring leadership from the USCYBERCOM Capabilities Development Group, and the Defense Innovation Unit-Experimental. Solarflare CEO Russ Stern (a serial entrepreneur from California) and I offered some historical, technical, market, and regulatory context for the challenge those two groups face in finding the best technologies for national security. Most of my remarks are after the 16:00 minute mark; click the photo below to view the video:

From my remarks:

“I’m here to provide context. I’ve been in both these worlds – I came from Silicon Valley; I came to the Defense Intelligence Agency after 9/11, and found all of these broken processes, all of these discontinuities between American innovation & ingenuity on one hand, and the Defense Department & the IC & government at large…

Silicon was a development of government R&D money through Bell Labs, the original semiconductor; so we have to realize the context that there’s been a massive disruption in the divorcing of American industry and the technology industry, from the government and the pull of defense and defense needs. That divorcing has been extremely dramatic just in the past couple of years post-Snowden, emblematically exemplified with Apple telling the FBI, “No thanks, we don’t think we’ll help you on that national security case.”

So these kinds of efforts like DIUx are absolutely essential, but you see the dynamic here, the dynamic now is the dog chasing the tail – the Defense Department chasing what has become a massive globally disruptive and globally responsive technology industry…  This morning we had the keynote from Gen. Touhill, the new federal Chief Information Security Officer, and Greg told us that what’s driving information security, the entire industry and the government’s response to it is the Internet – through all its expressions, now Internet of Things and everything else – so let’s think about the massive disruption in the Internet just over the last five years.

Five years ago, the top ten Internet companies measured by eyeballs, by numbers of users, the Top 10 were all American companies, and it’s all the ones you can name: Amazon, Google, Microsoft, Facebook, Wikipedia, Yahoo… Guess what, three years ago the first crack into that Top 10, only six of those companies were American companies, and four – Alibaba, Baidu, Tencent, and Sohu – were Chinese companies. And guess what, today only five are American companies, and those five – Google, Amazon, Microsoft, Facebook, Yahoo – eighty percent or more of their users are non-U.S. Not one of those American internet companies has even twenty percent of their user-base being U.S. persons, U.S. citizens. Their market, four out of five of their users are global.

So when [DoD] goes to one of these CEOs and says, “Hey c’mon, you’re an American” – well, maybe, maybe not. That’s a tough case to sell. Thank God we have these people, with the guts and drive and the intellect to be able to try and make this case, that technological innovation can and must serve our national interest, but that’s an increasingly difficult case to make when [internet] companies are now globally mindsetted, globally incentivized, globally prioritizing constantly…”

Kudos to my fellow panelists for their insights, and their ongoing efforts, and to AFCEA for continuing its role in facilitating important government/industry partnerships.

Beware the Double Cyber Gap

I’ve somehow been invited onto yet another star-studded panel in Washington DC – on October 11 at the 2016 AFCEA DC Cybersecurity Summit. I don’t recommend many cyber conferences or events, as they’ve become overly frequent and unfocused. This one’s different, and brings together acknowledged senior experts from multiple federal agencies, including the Department of Homeland Security, Department of Defense, intelligence community and others from industry. If cyber’s your game you should be there, the line-up of speakers is truly impressive.

(It’s too late to register online, but on-site registration is available for the first day at the venue, DC’s Grand Hyatt on H Street downtown. The second day, which is classified sessions at TS/SCI at a separate location, is already sold out, but Day 1 still has a few seats left.)

I realize, though, that most of my readers will not be in attendance, so I thought I’d share a few highlights which I expect from my own panel, titled “Partnering with Industry for Innovation – DIUx” and focusing on DoD’s new Defense Innovation Unit Experimental (now in Version 2.0!) and its partnerships in government and the private sector.

Our session participants:

• Moderator: Francis Rose, Host, Government Matters on ABC 
• Charles Nelson, Deputy Director for Outreach, U.S. Cyber Command Capabilities Development Group (CDG)
• Lewis Shepherd, Private Consultant on Advanced Technologies and Strategic Innovation
• Sean Singleton, Director of Engagement, DIUx
• Russell Stern, CEO, Solarflare Communications
• Maj Gen Robert “Wheels” Wheeler (Ret.), Senior Advisor, DIUx

We intend to cover the DIUx approach to work with innovative companies (in Silicon Valley and across the United States) for new solutions and technologies for warfighters.

But I also intend to discuss a certain two-sided disparity: the Double Cyber Gap.

If you’re of a certain age, you can’t help thinking about national security strategy as momentary scenes from “Dr. Strangelove” flicker by in your mind. I’ve always loved Stanley Kubrick’s 1964 satirical nuclear black comedy, which answered the question, “What would happen if the wrong person pushed the wrong button in a nuclear-armed world?” One of the many classic moments is a send-up of the era’s bipolar worry about superpower equipoise, with a “Doomsday Machine Gap” and its inevitable successor, a “Mineshaft Gap.”

Kubrick was skewering the mindset of the “Missile Gap” controversy, which was fresh in his mind as he wrote the screenplay during President Kennedy’s term; JFK had won office in 1960 in part by attacking Vice President Richard Nixon for ignoring an imminent Soviet “Missile Gap” superiority. As Wikipedia summarizes, “Kennedy is credited with inventing the term in 1958 as part of the ongoing election campaign, in which a primary plank of his rhetoric was that the Eisenhower administration was weak on defense. It was later learned that Kennedy was apprised of the actual situation [no actual gap] during the campaign, which has led scholars to question what the (future) president knew and when he knew it. There has been some speculation that he was aware of the illusory nature of the missile gap from the start, and was using it solely as a political tool, an example of policy by press release.”

You can read the New York Times retrospective look (it popped the Missile Gap bubble originally in a 1961 story), and go through a valuable collection of the CIA’s now declassified documents from the era. But what’s relevant is the notion of early warning about a perceived or real disparity between opposing forces. Unfortunately that’s what I see developing, in a couple of very significant ways.

The Double Cyber Gap

Picture in your mind both faces of a double-sided coin. The Double Cyber Gap consists of two linked phenomena:

1. The Post-Snowden Gap: there’s a newly demonstrable political or ideological cleavage between Silicon Valley commercial technology companies and their erstwhile innovation partners in DoD and the US intelligence community. The Apple/FBI dispute over decrypting the San Bernardino bombing-case iPhone was only one dramatic example; others aren’t played out in open media. I’ve written and spoken about that gap for the past few years as I’ve watched it yawn open, and have tried to limit its width in my government advisory roles and while consulting for tech firms. DIUx works to that goal as well, though the Secretary of Defense himself acknowledged that its first highly-touted incarnation was a failure.
2. The Capability-Adoption Gap: Those same commercial companies aim their innovations to the widest possible market – meaning globally. For advanced cyber capabilities (dual-use as defensive or offensive) or other digital disruptions, very predictably we know that early adopters will include nation-state government agencies (including in Russia and China), hacking communities, and individual cyber criminals working on their own illicit agendas.

You can practically draw a cyclical diagram of the progression of advanced cyber techniques and technologies, with their adoption passing rapidly from commercial bleeding-edge users to foreign actors and malevolent individuals… and then, tardily if at all, to mainline US government agencies, long after their potency is being exploited by adversaries, or reverse-engineered and exceeded.

The Double Cyber Gap presents DoD with nearly a Hobson’s Choice. DoD can rely increasingly on commercial cyber technologies because of their rapid innovation and disruption – but only while realizing that it won’t be gaining any advantage over foreign adversaries, who are adopting the same commercial capabilities and likely deploying them even faster. It’s deeply problematic for US cybersecurity strategy, and a potentially fatal flaw for DoD’s related “Third Offset” strategy as well.

Let me illustrate that “no-choice-at-all” dilemma with an intriguing behind-the-scenes story, an excerpt from a new profile of Silicon Valley entrepreneur (Y Combinator co-founder) Sam Altman, who is now not only driving his YC startups but also the new OpenAI artificial intelligence research company he has co-founded with Elon Musk and others. The excerpt presents the AI vector of what I’m calling the Double Cyber Gap:

This spring, Altman met Ashton Carter, the Secretary of Defense, in a private room at a San Francisco trade show. Altman wore his only suit jacket, a bunchy gray number his assistant had tricked him into getting measured for on a trip to Hong Kong. Carter, in a pin-striped suit, got right to it. “Look, a lot of people out here think we’re big and clunky. And there’s the Snowden overhang thing, too,” he said, referring to the government’s treatment of Edward Snowden. “But we want to work with you in the Valley, tap the expertise.”

“Obviously, that would be great,” Altman said. “You’re probably the biggest customer in the world.” The Defense Department’s proposed research-and-development spending next year is more than double that of Apple, Google, and Intel combined. “But a lot of startups are frustrated that it takes a year to get a response from you.” Carter aimed his forefinger at his temple like a gun and pulled the trigger. Altman continued, “If you could set up a single point of contact, and make decisions on initiating pilot programs with YC companies within two weeks, that would help a lot.”

“Great,” Carter said, glancing at one of his seven aides, who scribbled a note. “What else?”

Altman thought for a while. “If you or one of your deputies could come speak to YC, that would go a long way.”

“I’ll do it myself,” Carter promised.

As everyone filed out, Chris Lynch, a former Microsoft executive who heads Carter’s digital division, told Altman, “It would have been good to talk about OpenAI.” Altman nodded noncommittally. The 2017 U.S. military budget allocates three billion dollars for human-machine collaborations known as Centaur Warfighting, and a long-range missile that will make autonomous targeting decisions is in the pipeline for the following year. Lynch later told me that an OpenAI system would be a natural fit.

Altman was of two minds about handing OpenAI products to Lynch and Carter. “I unabashedly love this country, which is the greatest country in the world,” he said. At Stanford, he worked on a DARPA project involving drone helicopters. “But some things we will never do with the Department of Defense.” He added, “A friend of mine says, ‘The thing that saves us from the Department of Defense is that, though they have a ton of money, they’re not very competent.’ But I feel conflicted, because they have the world’s best cyber command.” Altman, by instinct a cleaner-up of messes, wanted to help strengthen our military—and then to defend the world from its newfound strength.

Altman is patriotic, and thoughtful – very. But his conversation with Secretary Carter might best have begun with that private reluctance he shared only with the reporter later.

Even though the Double Cyber Gap is palpable, in Altman’s thinking and elsewhere, there are ways around that Hobson’s Choice dilemma. I share those with my consulting clients and we’ll be addressing them and new ideas at the Cybersecurity Summit as well. I hope to see you there, but I’d be interested in hearing your thoughts also  (comments below or email).