Ideas

Defense One Radio, Ep. 85: Tech Summit, in review

From JADC2 to "tech debt," military officers and experts share their concerns about the future of national security tech policy.

Defense One Staff

|

Google Play Apple Podcasts

This episode we’re going to share a few of the more memorable exchanges from this year’s sixth annual Defense One Tech Summit, including interviews with:

  • Deputy Defense Secretary Kathleen Hicks;
  • Marine Corps Lt. Gen. Dennis Crall;
  • Director of the Space Development Agency Derek Tournear;
  • Brian Weeden of the Secure World Foundation;
  • Kelly Hammett, of the Air Force Research Laboratory’s Directed Energy Directorate;
  • Air Force Col. Eric Felt, the Director of the Air Force Research Laboratory’s Space Vehicles Directorate;
  • Mieke Eoyang, who is the Pentagon’s Deputy Assistant Secretary of Defense for Cyber Policy;
  • Ylli Bajraktari, Executive Director of the National Security Commission on Artificial Intelligence;
  • and the NSA’s Director of Cybersecurity Rob Joyce.

To watch any of these interviews in video, go here.

A transcript of this episode is below.

Subscribe either on Google PlayiTunes, or Overcast, or wherever you listen to podcasts. Thanks for listening!

We’re going to begin by building on one of the biggest concepts in the U.S. military today. And that is its new way of approaching warfare, an effort to link everything on the battlefield known as Joint All-Domain Command and Control — or JADC2. 

We devoted an entire episode to JADC2 just a few months ago. And you may remember Defense One Tech Editor Patrick Tucker helped explain some of the concepts related to this whole idea of a new way to approach large-scale conflicts. 

Patrick recently sat down with Marine Corps Lt. Gen. Dennis Crall, who’s the Chief Information Officer for the Pentagon’s Joint Staff. He’s a man very tied into this whole JADC2 shift.

Here’s a bit from Patrick’s interview with Gen. Crall.  

Tucker: How do you make sure that the Defense Department's efforts to create this big network, this interoperability to move warfare a lot faster, how do you make sure — this is somewhat of a philosophical question — how do you make sure that your efforts outpacing your adversaries or potential adversaries that are pursuing very similar efforts with potentially fewer obstacles?

Crall: Well, sure, I mean, we also have to make sure that we don't paint our adversaries as 10 feet tall, you know, everywhere they are. They, too, have the same vulnerabilities in areas that we do. And don't think that we don't have acumen and prowess in creating dilemmas and problems for them as they operate. Mission commands, if you've looked at how we like to fight, and provide that, you know, decentralized execution in our American way of warfighting, is a pretty strong advantage, especially when spectrum and other things are challenged. You can imagine if every decision has to be brought back and decided centrally, we would lend ourselves to a pretty significant risk. So the way in which we fight is an enhancement. Many of our adversaries don't fight that way. But we have to look at it, though. To be fair, what concerns me in the way that you kind of couch the question that I do think about frequently, is if we have this conversation 10 or 15 years ago, and we were really looking to bring on, you know, machine and human interface — getting that decision cycle to work faster and more completely with more information and more assurance of that conclusion — that would really put us at an advantage. And today, I honestly believe 15 years later, this is a necessity. The speed with which our adversary will likely engage, it's going to be faster than anything we've seen. And I will agree that they probably aren't going to have the ethical concerns we have. Meaning they may just simply put a machine only solution to a firing solution, which may have errors and mistakes, and maybe they'll take that risk, we have a more ethical approach to how we use that information and putting a human in the middle of some of those things that they don't have. So we have to be accurate. But I do believe that we can operate responsibly, very lethally, and do this at speed. But things like hypersonics, you know, they're going to change this calculus. The one thing that we're going to have to realize is that the time that we had to make these decisions has all but evaporated. That's the real battlefield calculus that has changed.

So the speed of conflict is about to rapidly change. What’s the Pentagon doing about that now? Here’s Deputy Defense Secretary Kathleen Hicks.  

Hicks: Well what we're doing next, again, trying to move from rhetoric to reality concepts to capabilities is we're initiating a new approach called the ADA initiative, which is the AI and Data Accelerator initiative. And that acceleration initiative is going to have teams that go out within the next 90 days to every single combatant command and start to tie in their data. And they'll also have technical expert teams on AI and they'll start looking at how to bring AI and data to the tactical edge in support of the warfighter. So those are some of the areas where we're just trying to move now and make sure that we're taking concrete steps, in addition to what people are already seeing in the budget.

One of the more fun aspects of this year’s Tech Summit, at least for me, were the portions about the kind of stuff that goes on way up in space. You may remember our podcast episode about “War in space” from last year. In it, we talked about satellites, how vulnerable they are to missiles today, and what sort of plans certain tech billionaires like Elon Musk have for their own constellations of thousands more than are orbiting the planet today. Several of these big plans involve trying to beam the internet down to everyone on Earth at speeds much faster than the land-line infrastructure most of us use currently. 

Patrick spoke with the Director of the Space Development Agency Derek Tournear about some of the new work he’s doing in space-based communications. 

Here’s Patrick. 

Tucker: Derek, I want to stick with you for a second because SDA, one of the things that's so exciting, and which I didn't even realize about SDA and the future of the military and low Earth orbit satellites, is all of the different ways that you're pioneering new forms of communication, digital communication. So we've talked a little bit in the past about that laser communication, that line of sight that can exist between two satellites, which is pretty miraculous when you think about it. But you're also pioneering a new air to space form of communication with General Atomics, which also sounds really exciting and like something that I've never heard before. Kind of a first for humanity. Tell us a little bit about that experimentation going on?

Tournear: Certainly, no, these are exciting times. So the key aspect is we want to have this mesh network all laser-connected, as you mentioned. But obviously, if you just have the data in space, it's useful but not sufficient. You want to be able to get those data directly down to the warfighter and directly get down to the terrestrial theaters. And so we can do that, obviously, through RF. We can do that now. And in the future, we want to do that optically. And so yes, we are teamed with General Atomics. And in fact, in just a few short days, we'll be launching several satellites. Two of those are general atomic satellites to be able to do the laser conductivity in space, and then those satellites will also be able to do the laser conductivity down directly to an MQ-9 platform early next year. And the whole goal is so that you can actually form this means of having a very high-bandwidth, low-latency, low probability of jam communication network to be able to go down to any platform, whether it be on the surface, whether it be on on a ship, or whether it be on air. And so we're really excited that that opens up a completely new way to move data so that we can start to enable the warfighter.

Tucker: Wonderful. And so what we're talking about really is a satellite that's communicating directly with a Reaper. And that's something that we've never seen before. How is that sort of different from space-based communication to assets on the ground, like ships and things like that? This is, in many ways, more direct, and it's like-based. So tell us a little bit how it differs from satellite communication with platforms as it exists today?

Tournear: Certainly, certainly. So as it exists today, you know, you have data in in space and and in order to to get those data down to the theater, you send that over an RF wave. And that those can be anywhere from UHF, [which] is the most common, all the way up to S band, or L band, that's what we're looking for for our Link 16. So those are all different ways to get that down. Now, what is the downside of that? Well, there are some downsides primarily in the amount of bandwidth. So it's very difficult to make sure that you can get a high amount of bandwidth down over RF. It takes an incredible amount of power. Essentially the lower you go in frequency — and remember, light is a very high frequency on the RF spectrum — the lower you go in frequency, the more power you need to put on the signal to be able to get the same amount of bandwidth. So there's that issue. There's also licensing issues, right? You can easily start to get interference among a lot of different channels if you start to try to do a lot of broadband communication with RF. So that also limits you. And then finally, with RF, essentially, you can jam that in a way, if you can just put out a lot of power on the ground and overpower the receiver — where in optics, with light, it's completely different. Because in light optics, essentially, you have a very narrow band, a very narrow, narrow line width, if you will. So if you want to jam that signal, you actually have to get a light laser that shines directly down into that telescope. So that's extremely difficult to do. It's not technically feasible to be able to do that over a wide area. So that's a big advantage. The other advantage is you can do that in a way where essentially your communications is not easily intercepted. If you're putting a lot of data out over RF, it's very difficult to essentially hide that. So now everyone sees that you're broadcasting; everyone can see that, in essence where you could be receiving. And so it's very difficult to hide that. So you get high bandwidth, you get that low probability of detection or intercept is what we call it. And essentially you’re jam-resilient. And so that's the reason we want to go to optical instead of RF in the future.

Feldscher: So I want to talk a little bit about the future of conflict in space...

That’s Jacqueline Feldscher, senior national security correspondent at Defense One. She spoke to Brian Weeden of the Secure World Foundation. We spoke to him in our “War in space” episode as well. He’s great. 

Feldscher: ...So what does the future of space conflict look like? Brian, if you want to start with that.

Weeden: Sure. Well, let's say we know what it doesn't look like [over] at least the next couple 100 years or 1,000 years. And that's TIE fighters and, you know, Star Destroyers and that sort of thing. We do know a little bit what it looks like, because as you mentioned, there is already space warfare going on in the context of jamming, electronic warfare, [and] cyber activities that are taking place in military operations and in multiple countries around the world right now. And that's going on. That doesn't involve destructive attacks on satellites. But if you're a soldier in the field trying to get access to GPS, or satellite communications or something, it can be just as effective to deny though through jamming as it is to take out the satellite — in most cases a lot easier, cheaper to pull off. One of the big questions then is what might happen if there's a couple of near-peer competitors that go into conflict, they have an armed conflict the next few years? Is that going to go beyond the non-destructive technologies and techniques to actual destructive techniques? And here’s where I’ll say we honestly don't know. Right? You know, unlike other domains, the air-land-sea domain, we don't have decades and hundreds of years of armed conflict taking place from which to draw lessons about what it's going to look like. So aside from the non-destructive techniques, I talked about it and sort of setting aside the sci-fi stuff, my opinion is we honestly don't have a really good idea of what it will look like. There's a whole bunch of things that could be taking place. We don't know if, you know, are attacks on satellites going to be the first thing that happens in a conflict? Maybe both sides are going to be reluctant to do that because both sides rely on space capabilities. There's a lot of different ways things can go. And that's what makes this a really difficult problem is trying to figure out and trying to, you know, hypothesize what could be happening, and then trying to figure out, ‘Okay, how do we potentially defend or protect against or increase our resilience against this range of things that could happen?’

Feldscher: Col. Felt, would you like to talk a little bit about sort of how the Air Force is preparing for that future threat landscape?

Colonel Felt is Eric Felt, and he’s the Director of the Air Force Research Laboratory’s Space Vehicles Directorate. 

Felt: I would love to; it's one of my favorite topics to talk about. I think spacewar is going to look a lot like the Cold War and that in a couple of different ways. First of all, we hope nobody's actually exchanging destructive weapons with each other. And we don't just hope, but we take active actions to deter that from happening. The nature of conflict in space is that there is an offensive advantage or a first-mover advantage in that it is a lot easier to attack somebody else than to defend your own stuff. And so we've seen that before. That's the same as with ICBMs, and other nuclear weapons. And so deterrence is the key to making sure that you can win in that kind of a battle space. And so that's why I think the first thing we have to do is study history. And studying the Cold War and how we avoided, you know, destructive, very destructive conflict with our adversaries, during the 50 years of the Cold War is a great place to start. Because I think there's a lot of lessons learned there for what we need to be doing in space. For example, it's important for your adversary to know a lot about what your capabilities are, because then they're going to be more afraid of taking you know, offensive action right now against you. Whereas if you keep everything secret, then they might think that they can take a gamble and win with a first strike. So all of that kind of thinking comes out of the Cold War and deterrence. And I think it's really important, just as a foundation for knowledge to think about space war, to have that as the foundation because the operating environment has a lot of similarities. So that as a framework, then, my focus on each of our technology, or areas in space, or mission areas in space, is making sure that those capabilities are there when our warfighters need them the most, not just during peacetime. So let's take the GPS jamming, for example. If we can develop some technologies that make sure that jammers are ineffective, then that will help deter the use of jammers because they’ll know that they don't get a military advantage from engaging in those. And all of the, you know, domains are interconnected. So there isn't just going to be a conflict in space, there's going to be conflict — period. And it could manifest itself partly in space, partly in air, partly in land, partly on the sea. So all of that is tied together and we can deter all of that conflict from one domain to another by having effective, you know, command-and-control mechanisms among everybody. A that's what JADC2 is all about.

Feldscher: Dr. Hammett, is there anything you would like to add to that?

Dr. Hammett is Kelly Hammett, who leads the Air Force Research Laboratory’s Directed Energy Directorate.  

Hammett: Just briefly, a couple of things: One, that the military and conflict is one instrument of national power. And just like the setting war will be multi-domain, you know, it will be a multi-element struggle. And so if you go back to the question about, you know, lobbing kinetic weapons at each other in space, not only do we deter that through military means, but through diplomatic means. So for example, when the Indians and the Chinese, you know, did destructive tests on orbit, they were censored, and the world community and the United States said, ‘Hey, don't do that, you are making the space environment more dangerous, and less safe and less profitable for everybody.’ So use the, you know, the Department of State and the diplomatic piece of that. So if you take that, and you look at how the response will be, that naturally leads you to think that the next way space war will develop will be unattributable. And so that means jamming, cyber, EW — types of electronic warfare. Those are the types of things the adversaries are likely to use. Because you can't point to a missile that everybody watched, you know, traverse and hit something. And you look at what's going on right now, you know, with our fuel supply, and other things. We have cyber and other attack vectors that we really need to be worried about. I can tell you the Space Force is clued in to all of those things, and really focusing on what Eric was talking about: resilient, [unintelligible], and anti-jam technologies for navigation, position, timing; and then attribution and response options for electronic warfare and cyber. So I think that's where we'll start. And hopefully, because of all those other factors, like Eric said, we won't get to the destructive layers; but some of that other stuff has is and will likely continue.

Another space-related bit that I enjoyed from our Tech Summit involved orbiting stuff — and orbiting stuff in strange orbits, you might say, stretching almost to the moon. With thousands more satellites expected to orbit our own planet in the coming years, tracking all of it will be a huge task. 

Here’s Jacqueline and Col. Felt again.  

Feldscher: Is there anything you can talk about just you know, [the Air Force Research Laboratory Space Vehicles Directorate at Kirtland Air Force Base, New Mexico] was obviously stood up very recently. Was there anything you can sort of point to as an example, in the past month or so that has been done there? 

Felt: Sure. They have a lot of important efforts underway. But one of the most important is the focus on CIS-Lunar, or above-geo space domain awareness. So my team that's working on how to get after the problem of tracking activity above the geo belt, and all the way. The moon is at about 10 times the geo belt. So there's a large volume of space between the geo belt and the moon — 1000 times the area that's in the geo belt and below — that we need to maintain space domain awareness, as we call it, of what's going on out there. We've recognized that, especially over the past two years in the community, that as there's been a lot of Chinese activity, and Chang'e-5 going to the moon as one example, lots of commercial activity planned for above-geo. So what the Space Force mission to watch what's going on in space, to make sure that that's the foundation of protecting our assets in space, came to us and said, ‘Okay, well, what should we be doing in this new orbital regime above geo?’ And my research team dug into that and figured out that well, there's a lot of technical challenges such as you know, the orbits are not simple circles when you have the moon there — the gravity of the moon being important. When you're at the geo belt, you've escaped 80% of the Earth's gravity. So it turns out to be a maneuver-dominant region up there, where it's with a small amount of energy, you can do a lot of maneuvering. So to just understand the physics of what's going on up there, and then perform the architecture, start the architecture studies, and we're not done yet, of how you would maintain tracking of activity that's up there, that's one thing that's already been accomplished in the [Space Warfighting Operations Research and Development, or SWORD] building. And I could tell you many other stories on the cyber side of things as well. But I think that cislunar SDA one most exciting and important activities.

We turn now to some big-picture national security concerns. Stuff like the rise of China with its expertise in, for example, surveillance technology that’s proliferating across the globe. Patrick Tucker spoke to Mieke Eoyang, who is the Pentagon’s Deputy Assistant Secretary of Defense for Cyber Policy. Here’s a bit from their conversation. 

Tucker: You've been very busy. Recently, you were at the Brussels Forum; you were on the Hill yesterday making a lot of very important big points about the current state of cyber policy and the cybers in general as it relates to national security and democracy. And at the Brussels Forum in particular, you had a lot to say about the rise of what you call ‘digital authoritarianism,’ practiced by a lot of countries. Tell us what you mean by a rise in digital authoritarianism. Were you seeing that? And why is it a threat, perhaps to U.S. national security?

Eoyang: Yeah. So what we're seeing when we talk about the rise of digital authoritarianism is certain states who adopt types of technology that allow them to surveil and repress the speech of their populations to repress dissent to target individuals. That's very much contrary to the values that we in the Department of Defense are sworn to defend. And that really poses a national security challenge to us in the United States. It closes space. It makes it more dangerous for Americans who may choose to speak out against what they see as human rights abuses in other countries. And so that, you know, that goes against our core values inside the U.S. And also, it represents a competitive challenge to U.S. technology companies when we see countries like China exporting this technology all around the world with, you know, their technology. It’s not just neutral; it does come with the ability to engage in this kind of digital repression. So we see this as a challenge to the department, our operations and our values.

Patrick also sat down with Ylli Bajraktari, who’s the Executive Director of the National Security Commission on Artificial Intelligence. And as the U.S. gets smarter about AI and its potential applications for just about every industry, it’s gonna be super important to keep the best and brightest minds on the task for the years to come. One particularly relevant aspect of that is a sober examination of America’s immigration policies. 

Here’s Patrick speaking about that to Ylli, whose organization recently released a report on how to approach immigration with an eye to America’s complex and growing national security tech sector. 

Tucker: One of the things that you also bring up is immigration. And we know that we're in a new era and potentially a new era in terms of open immigration opportunities. What now, if you could lay out some specific priorities, needs to happen to help us begin to attract, again, the talent that we've been attracting for decades, but really helps us in this race against different states that don't have open immigration policies that don't have opportunities for people to come and start businesses and thrive?

Bajraktari: Thanks, Patrick. We've focused really on how can we remain a global magnet for talent? We believe there are a lot of individuals that come to the United States. And they're willing to stay and contribute to our economy, social wellbeing, and ultimately national security. In our final report, we recommend passing a national security immigration act that would help STEM talent remain in the United States. It would reduce the barriers and burdens of the citizenship process, and create specific pathways for entrepreneurs. So there are four components to this act that we outline in our final report. Number one is, we recommend granting green cards to STEM students graduating with PhDs from accredited American universities; we recommend doubling the number of employment-based green cards; we also recommend creating a special intrapreneur visa that would incentivize entrepreneurs, and individuals that come and they can help in the conserve as an alternative to other visas that we have in our systems. And then lastly, we argue that we need to create an emerging and disruptive technology visa, a visa designed to attract top talent in critical fields, that it would increase our access to a greater pool of talent, and help fill the labor market demands for technology based fields. This is one area in which we have to move fast. You know, in the last couple of years, talent has started to move elsewhere. You know, China has done a lot of efforts to bring back their talent, either from United States or elsewhere. And so this is a great power competition regarding talent as well. So we need to remain the country as an immigrant, I say, that brings the best and the brightest to come here, stay here and contribute to the well being of our nation.

Tucker: I want to go back to something you mentioned, you mentioned the Colonial Pipeline hack.

That’s, of course, Patrick Tucker again. He’s talking here to the Pentagon’s Mieke Eoyang, whose portfolio concerns U.S. military cyber policy. 

We’re going back to MIeke because she mentioned something that’s fairly simple, but also seemingly revolutionary — at least to my understanding of how most companies and professional entities operate today. And it’s basically taking the idea of a firedrill and applying that to the cyber realm. 

Here’s Patrick. 

Tucker: And this is not like sort of a specific DOD thing. It's a private power company that was hit by ransomware. But it speaks to a broader problem that I think it's going to be just a part of modern life for the next several decades, unless there's some sort of fix for it. And that is this trend of Eastern European — usually, but really, it could be anywhere — cyber criminal gangs that have some connection to an adversarial state. In the case of Colonial Pipeline, Darkside, having some sort of connection to the Kremlin. And that connection can take all sorts of different forms. It could be very direct sponsorship; it could be sort of like a sale of intelligence after the fact. But it makes it very difficult from the perspective of like sanctions or other penalties that the U.S. government might put on a nation state to really disrupt that behavior. And that allows nation-states like Russia to take advantage of private groups that might have their own profit incentive for hacking things like the Colonial Pipeline, but that are still working with an adversarial government. And that is just a problem that I think is going to, we're going to see continued for a long time. So from your perspective, and understanding that DOD specifically will have a very limited role in this, but the broader government has to tackle this as a problem. What can be done about that new trend of ransomware that has that edge of being connected to a government, but that is perpetrated by a quote unquote, private group?

Eoyang: Yeah. So you know, the department participates in whole-of-government activities to target and disrupt ransomware. And we are happy to work through our intelligence and law enforcement partners to be able to provide insights to be able to disrupt that threat. But I think one of the keys and the Colonial Pipeline incident really points this out. It's really important for industry to think about this from the perspective of resilience. What we had in Colonial was a situation where the company's business systems got hit with ransomware. We didn't see any indication that the adversary got into their control systems, their operational systems, and then they shut down. And companies need to have a plan — like that you would have a fire drill, or all kinds of other things, all kinds of other plans — for this kind of contingency. Because while we need to address the problem of safe haven that is provided predominantly by Russia, but other countries as well, and you saw the president address that directly with President Putin; companies need to be prepared for the possibility that it could happen to them. They need to improve their security, make themselves harder targets; but also really think about continuity of operations so that if or when they get hit, they know how to keep moving, how to work around the problem. And that is a challenge that, you know, we need to  — you know, this is a whole of government, whole of nation problem; but I don't think that we want to be in a position where people are turning to the Department of Defense to try and stop every single criminal gang out there. But in the meantime, people also need to focus on improving their own resilience, being a harder target.

We’re going to end today with something we have all experienced at some time or another. And that’s going to work where the computers — at least somewhere in the network — are just simply too old and too slow. But, more concerning than that to cyber professionals, is the fact that those old computers are probably superb vectors for any range of different cyber attacks. 

It’s an issue that the NSA’s Director of Cybersecurity Rob Joyce calls “tech debt.” And it’s a growing safety problem that, at least from Joyce’s way of thinking, parallels the need to mandate seat belts in automobiles as the U.S. did back in the 20th century. 

Here’s a short bit of Rob Joyce’s conversation with Patrick. 

Joyce: So the biggest issue we have right now is tech debt. There is a lot of legacy equipment that has known vulnerabilities in it deployed, and it's deployed across critical infrastructure. It's in our businesses. It's even in some of the government networks. And where that is a huge problem is that it is an easy on-ramp for these attacks, whether it's a nation state attack looking to gather information, or whether it's criminal trying to get a toehold in and then start a ransomware campaign. We have to do the basics. People are often worried about these advanced, advanced threats. And you know, I mentioned earlier that sometimes those highest actors can defeat best commercial practices. But the reality is, most times they don't have to. They start with a known flaw; they start with something that's unpatched. I think we're in a new era where the general public is starting to understand that things in the cyber world translate into real effects in the physical world, right? We all saw the lines or even closed gas stations because of ransomware. That was something that occurred in the digital realm. But it transcended over into the physical space. It's a serious problem. And as we look at that serious problem, I think the recognition is now starting to drive the solutions, which is we'll have to prioritize, we'll have to do some hard things, we'll have to make some decisions and investments.

Tucker: So I thank you for bringing up this tech debt issue and covering this area. I and a lot of people are frustrated to see that a lot of the big hacks that affect people use a vulnerability that's actually already been disclosed by the government in the national vulnerabilities database. So it's something that's not particularly exotic or was difficult or required an entire gymnasium of GRU operators to write. It was something that people knew about, and didn't patch against. So in thinking about this tech debt, because I want to stick with this just for just a moment; the city of Baltimore schools, hospitals, apparently some aspects of infrastructure, where do you see it most prominently?

Joyce: I think it's broadly across all of that infrastructure. Like I said, the biggest problem is historical tech debt. So that means we have to be investing in refresh. We have to be investing in the defensive teams. We have to be investing in organizations that will track, follow and upgrade to close out those vulnerabilities. And from where I sit, there's probably going to have to be some regulation over time. I look at the automobile industry. And we wouldn't have gotten seatbelts and airbags and emission standards and fuel mileage as a priority. without some amount of the government saying, ‘This is the bare minimum, this is what we need to do.’ And we're all a little better for it, right? So that's in the lane of the policymakers and the legislatures to look at, because it really does come in a balance. It comes at imposing costs and difficulty to all the organizations that have to step up. But I can't see us moving beyond this without some of that effort.

NEXT STORY: The US Desperately Needs a Civilian Cybersecurity Corps