US military vs. Silicon Valley – a cultural divide


The US military knows it needs to speed up technology adoption through optimization, something at the heart of Silicon Valley culture

The U.S. military won’t soon be adopting open-plan work environments, flexible PTO, free ubiquitous food, and lean manufacturing processes, although Silicon Valley wants it to. At the recent Rocky Mountain Cyberspace Symposium, both were trying to cope with cultural realities to help fight on the battlefield of the future.

In both panel and training sessions, slick Silicon Valley instructors tried to enlighten notoriously stern-faced rooms full of suits and camouflage-fatigue-laden attendees, who seemed slow to jump on board. In a week immersed in a sea of TLAs (three-letter acronyms) they were not even speaking the same language, if acronyms are indeed a language. In the military, of course, they are – it’s almost impossible to form a sentence without one (or even several).

Foremost among the topics: Speeding up technology adoption through optimization, something at the heart of Silicon Valley culture.

But while compressing software development cycles gives a product the shortest path to success in a startup, it might also represent the shortest path to drop the wrong bomb on the wrong place in the real world of kinetic warfare. It’s hard to iterate past that with a continual integration and deployment cycle.

Still, with full software development cycles in the mil space taking somewhere around 38 months (by one estimate), a multiple of typical software industry figures, it’s hard for the military to keep pace with the battlefield of tomorrow. The top brass know they need to keep up with the rest of the world, and to stay ahead, tech adoption has to change.

It’s all about risk and trust

The military’s aversion to risk is both legendary and understandable, given its mission. When they perceive that software vendors don’t understand what to do after the first digital bullet flies from an adversarial force, their interest cools quickly. Telling the military to try “turning it off and turning it on again” is a non-starter, but one that software wonks have long secretly leaned on when something really strange happens.

That’s not sufficient for people who are in harm’s way with bullets whizzing as a result of a software failure on a sensor system. They’re interested in “information resiliency”, of which cybersecurity is only a part, and they’re trying to make Silicon Valley understand that.

And there’s about to be an explosion of sensors (and the resulting data collected) heading into the battlefield and into space. These sensors not only supply things like critical coordinated timing for defense systems (GPS), critical imaging and communication across the US, but by the very physical nature of orbit, they expose a global attack surface as they whizz around the earth many times a day.

This is why they’re nervous.

The US Air Force operates with a model called an OODA loop – observe, orient, decide, act – that it tries to iterate through on the battlefield. It’s a holdover from airplane pilot training: the ability to rapidly assess one’s situation and respond appropriately to potential threats. One vendor proposed letting AI do the heavy lifting, thereby compressing that cycle significantly. But that introduces the potential for errors other than those of alacrity, and may introduce other problems altogether. Errors are really bad.

We’ve been saying for years that you can’t just fire-and-forget ML and let it do security unhindered, despite what others’ marketing hype has boldly offered for years now. The military couldn’t agree more.

But the military knows they need to get quicker at adopting new technology. This sentiment was summed up by Lauren Knausenberger, CIO for the Secretary of the Air Force, when she opined, “the more we have to fight IT, the less we can fight the bad guys”.

Speaking of methodology, the US military is standing up a variety of projects to engage tech companies more meaningfully (and quickly), with things like pitch days and a host of small initiatives around the country to make it more approachable to tech. It is also aggressively rolling out zero trust initiatives so it doesn’t have to trust a particular piece of tech, commercial or otherwise. But there’s still a wide gap in the way commercial technology companies understand the military mission.

Still, it’s worth trying. The US Department of Defense, as a potential customer for an IT company, is larger than many countries’ total GDPs, so it’s hard to ignore the needs and wants of this single, if unwieldy, customer.

At a speaker panel, Lt. General (Ret.) Chris Weggeman remarked “culture can either build or kill capabilities”, so the cultural divide will have to be resolved if the military is to keep pace and succeed at their mission. Though the free unlimited food still might be a good idea – hackers survive on snacks.
