Learning to Innovate: 21st Century Cyber Defense & Deterrence

the besides DC 2017 videos are brought to you by threat quotient introducing the industry's first threat intelligence platform designed to enable threat operations and management and data tribe a new kind of startup studio co building the next generation of commercial cyber security analytics and big data product companies I'm lieutenant colonel Ernie Wong I work in this organization called the army cyber Institute located at West Point New York well 50 miles north of New York City and for today's talk hopefully here in the right room I'm talking mostly about innovation and so when I think of what is it that drives America's sort of preeminence in the world for really the past 100 200 years really past hundred years really

since the world war two but when I think of what drives America's preeminence I think of innovation and and so what I try to do with this presentation is I'm trying to convince generals right military rank to understand there's different ways of innovating and especially as we look towards cyber defense and cyber deterrence now some of my cadets I teach at West Point and some of the kids I teach they will are debating me on whether or not cyber deterrence actually exists and I think that's a great debate and hopefully I'll have time to talk about that as this presentation goes on now I tend not to introduce I tend not to give a slide

that introduce myself or I prefer to as introduce myself as the slides go on so hopefully you'll see that so with what we do at the army cyber Institute I'm sure not too many people know what the ACI is we were stood up in 2012 if you can see our emblem there 2012 so not too long ago we have a bunch of start-up tech companies visit us and give us advice and they told us yeah you guys at the ACI are a start-up organization we are housed in the old woman's dormitory that used to be outside of West Point a lady cliff college and when the tech guys are telling us yeah we're in a

warehouse you guys are no woman's the one from you're still a startup so we are getting a renovator right now we're actually worse off now we're in trailers because our office space is being renovated but here's our current mission statement what I've highlighted in blue is our are two things that we do most uniquely as a government organization especially a federal entity militarization we create in powerful partnerships okay not just with other government organizations but we create impact the partnerships with academia being low key at West Point that helps out having that dot edu address right in the back of my name you somebody to you that helps us as well because when we go visit places yeah I

tell folks I'm the Fed but the reality is having that dot edu I'm more of a researcher so folks tend to be a little more open with us and sharing because the other part of our mission building intellectual capital ninety percent of what we do at the ACI is at the unclassified level you talk to most other armlet organizations or government organizations anytime you talk about offensive techniques the ad they'll probably elevate to the classified level and they'll be a little hush-hush about that and there's not a whole lot of sharing when that happens so we found out working in the unclassified space developing trust with partners telling folks we're going to try to publish as

much as possible and I encourage publishing with a lot of partners I work with now our proposed mission we have a new director and really for the next five years Colonel Andrew halls our new director he's modified the mission statement a little bit and we're still doing interdisciplinary research so that's still in there shaping future thought and when I saw this developing innovation solutions to enable cyber listens resiliency I know I'm on the right track because really the presentation I'm doing here is really with the research focused on that I'm using for the past two years when I think of revolutionary or innovations in general I don't think of this notion of this one monolithic entity so another

way of calling this right I called them my title you know thinking inside the box another way of thinking it really is really it's it's cool to be square all right I'm talking to a tech audience so it's cool to be square all right bye breakdown innovations further I don't think of it as a monolithic entity I break in to two criteria first is the technological complexity or sophistication of the innovation and second is whether that innovation targets a new market or an existing market okay when I am looking that low-tech existing market solution that the bottom left hand quadrant I'm calling that sustaining types of innovation yeah it's coming out bad I'm calling that sustaining types innovation

on the high-tech existing markets I'm calling this incremental or evolutionary types innovation so let's link Darwin right Darwin is talking about evolution Darwin Darwinian types of evolution when I go high-tech but new markets or underserved markets I'm thinking of breakthrough or cutting-edge or where I prefer to call jumping the curve types of innovation I'm gonna come back this jump in the curve a little bit later in this presentation and finally this revolutionary great innovation right does this even exist right low tech low tech stuff but new markets hopefully in this audience I think it will resonate with law folks in this audience okay revolutionary innovations and hopefully my slides come out a little better in in just a while

unfortunately as I mentioned earlier many people think that innovations can only be high tech right in this high tech space right in this breakthrough and then this evolutionary types innovation what's worse right many of our government leaders folks I'm talking with they only think of this space right here this notion of breakthrough or cutting-edge or well I'm going to call jump in the curve types of innovation hopefully through this talk anyone anyone in this audience think that way anyone thinking only high tech can be innovation good that means at least hopefully you've you tired you're gonna tired like me right last presentation a day I do have to thank the 'besides organizers they were actually very thoughtful for me I knew

the army 10-miler was happening this morning so they reserved me for the last presentation so the question is how did I do my run time yeah I run and I know this is being recorded but I don't I normally run ten miles a year so to run ten miles in a day that might be a little dangerous for me especially as at my age okay but this notion of low tech right I want to introduce this notion of that right looking towards the past especially look towards the there's possibility that low-tech solutions can generate better ideas and better creativity for our defense cyber defense yeah it's gonna look pretty bad today yeah okay well actually comes out

actually good good when I'm thinking sustaining innovations this low tech but existing markets I'm thinking spark so as you apply gain a little bit of insights for me I'm a huge Star Trek fan I'm also a Star Wars fan you see it a little while but I'm thinking Spock all right Spock gives Captain Kirk the most logical highest probability courses of action to select right in Star Trek to the movie right he said the needs of the many outweigh the needs of the few or in his case the net in that movie the needs of the one so Spock sacrifice his own life to save the enterprise okay the store Trek star talked to Wrath of Khan

okay that's why I'm calling sustaining innovations just meeting the existing customers needs and it's really the big customers that's really a lot of highlights the big customers so when we move over to any Mad Magazine fans anyone still remember Mad Max I know we had a lot of kids here so they might not know that but it's online now but if you wear Mad Magazine this notion of evolutionary innovation right spy versus spy right the white supply is trying to kill the black spy and vice versa and every episode you see once by killing the other with though by outwitting them or with some new type of device that's this notion of Darwinian evolutionary or

incremental innovation it's a little more high-tech but again still targeting existing markets now when I move up when I move up to high tech but new markets okay I'm thinking in this quadrant again for breakthrough jump in the curve I'm thinking James Bond okay primarily I'm thinking Pierce Brosnan and James Bond yeah you might say that Daniel Craig you had the new James Bond yeah especially in Casino Royale yeah he might have been in the revolutionary space a little bit but yeah for the last two movies right what is it Hama soulless and what's the latest one Skyfall and right yeah Spectre right he's getting them he's getting the expensive devices right he's getting the

bandage he's getting that Vantage it's got the paint job that's uh that camos him from everything so let's break through right the core massive divisions giving James Bond the best equipment the highest R&D okay but takes a lot of time it takes a lot of time and develop that stuff and again Q gets mad when blonde breaks it because it's expensive why it's one-of-a-kind blonde needs to bring it back so they can right get the return on investment by doing a few more missions okay now what about this notion of revolutionary innovation that last quadrant does he even exist I know everyone didn't raise their hand everyone right yeah yeah hopefully or you're bleeding me especially in the

hacker community alright I'm thinking here can you see that who is that that's MacGyver alright I'm thinking MacGyver right MacGyver saving the day with what his own wit whatever's in his pocket and his Swiss Army knife I actually had to see the new MacGyver has anyone seen that the redo yeah I actually had to see one episode I didn't watch the whole episode but when I saw the Swiss Army knife come out yeah when I slide in the episode that he'd add the Swiss Army knife he was cutting this this hose that was tied against his neck I said okay I understand it's MacGyver still yeah but I've heard about some bad reviews on it so I didn't watch

the whole episode now again I was expecting some script kids or crypt kids to be here lots of kids crypt kids give it here so again I knew the kids probably wouldn't understand MacGyver so again for me might be Jason Bourne that's coming out a little word right Jason Bourne right so they think of Jason Bourne he's disruptive he's using whatever's eyes disposal to save his own life or the life of right his girlfriend whoever the girlfriend tends to be with them at the time now okay so we have some Hollywood examples now of different types of innovation and again I'm a military intelligence officer I told you I'm gonna introduce myself as I go on in

military intelligence we tend to think of spies so what's the one character who it really isn't a spy I'm a guy rich by spa yeah I told you like Star Trek but really Spock doesn't fit my ax a good analogies for spy craft here so instead of Spock okay I'm thinking Mission Impossible no no I'm not saying I'm not thinking Tom Cruise Mission Impossible because Tom Cruise Mission Possible isn't the breakthrough area alright even when it was rogue nation when it was Ghost Protocol but he got cut off from anything he still got resources right he still got Rhys where he's got friends with all the high tech stuff okay I'm thinking designer Nimoy played Paris in the original mission

impossible if you remember the mission impossible but it was black and white didn't turn color right the Peter Phelps character I can't remember his name now who was his name well he was charged in the Mission Possible forces right in order to craft his team of experts he had a dossier of all these folks he just picked the best persons for the team sure Barney right if you remember Barney Barney was the guy with the high tech stuff yeah Barney would be in the breakthrough okay but really all the high tech stuff remember the episodes the high-tech stuff failed right and they had to go impromptu and so that's when the Mission Possible teams relied

on their own way like they relied on their own language skills they relied on their being able to deceive and call on foreign nations I have secrets and drawer doing somethings that I guess it was the u.s. at the time was trying to do okay so again any Tom Cruise fans here I make fun of Tom any no no one's a Tom Cruise man yeah yeah listen Tom Cruise fans good so yeah I say Tom Cruise in Mission Impossible is breakthrough but there's a Tom Cruise movie where he's revolutionary and disruptive anyone think of what that is laughter what was that movie The Last Samurai yeah that doesn't look like less my picture though right yeah let me let

me see if this works out yeah I have to Nicole Kidman no wasn't in this one let's see if we can figure out my soundtrack

[Music] now the reason I'm playing this the reason I'm playing this intro is I had a review this entire movie to figure out if it actually was disruptive or revolutionary it was again this is tah this is Tom Cruise and Top Gun Top Gun 2 is coming out is it called maverick cuz I they should give it light when I say killing you jealous that's what gives it away yes I saw this amazing things yeah so let's look at this this comes from the movie right on March 3rd 1969 the US Navy established this school right for the top its put top pilots you know each dog fighting dog fighting techniques to install his pilot's the

interesting thing was when I saw this I actually did a little more research into into the Vietnam War and the Benjamin Lambeth wrote this great book called the transformation of American airpower I disagree with his conclusions but on his notes on Vietnam was very interesting in 1968 the u.s. department of fence stopped the bombing campaign in Vietnam there are too many casualties too many fatalities from American pilots both on the Navy side as well as on the airforce side the ratios were three to one actually close to four to one three point seven to one if you see on the very far lower left-hand corner so up until from 1965 960 68 about a million

sorties essentially individual Arab missions that went up and for every US pilot we sent up we shot down essentially 3.7 Russian pilots and so it's really a myth the f4 phantoms versus the make 17s and make 21s and the interesting thing is yeah three point seven to one is not that bad you have questioned our 65 through 68 three years yeah again the way the Air Force are you an Air Force guy yeah the way they count sorties one mission might be multiple sorties because they might be doing multiple missions if they're doing intelligence for surveillance reconnaissance and they're doing errand interdiction those are actually two sorties so it's not an individual flight the Air Force counts things a little

differently and so you just have to be bare with the suspension of disbelief and how we count things okay so one flight might actually be about 10 sorties for some oh yeah yeah yeah yeah but the ratios that's why the ratio is I think are more important so that's not too bad right for a military 4 to 1 3 to 1 ratio but again just remember the Russian military the Soviet Union they were based on mass right the American forces we did not have that many aircraft we didn't have that many pilots so even if we were to continue that operation the Geo D figure we're gonna lose our military power from error because the Russians our Soviets they

could replenish right they had the machine that could replenish right the aircraft he lost saying they had the huge wealth of that entire nation that they could send folks through pilot school ok the u.s. we could not afford that so in 1968 we suspend operations and the Navy went through right this notion of top gun now here's what happened so the Navy will execute top gun I'm calling that a revolutionary innovation because all they're really doing is they're using Russian doctrine Russian techniques Russian Bob flying techniques to teach US pilots how to counter those a lot of experimentation if you remember in the movie right you see what was Mavericks how did maverick get that big whatever was it wasn't a

mig-21 was on MIG maybe 20 to possibly how'd he get it to get over go away right he went upside down and he he threw him the the bird right so they're doing a lot of experimentation would the Air Force deal the air force oh yeah we can have an Air Force first case I can't make fun the Air Force folks the Air Force tends to do a lot of breakthrough innovations very well so they want the breakthrough route they said we need RF force or f4 phantoms we need them to be more power more jet propulsion we need longer weapon systems greater range okay so that's what they did the Air Force went breakthrough so for one

year 1968 1969 right suspension of era air operations this is a little happening when they start back up in 1969 amazing Air Force actually went down right statistically nonsignificant they stayed about three two one four two one look at the Navy Navy pilots had a kill ratio of 1301 after Top Gun one year of Top Gun and again the way the school works is about 10-week course not every single Navy pilots going through this course it's the best pilot supposedly the best pilot from each of the Navy squadrons right that's how Tom Cruise got the job because cougar right couldn't take it he was getting uh he got the honed in by a Russian jet right

he's locked on and who got the frazzle Val right got PTSD couldn't take any more so he couldn't fly so maverick took the slot maverick and goose took that slot so again from this revolutionary type of innovation Top Gun using low-tech dogfighting techniques they outdid the airforce 1301 versus 3 or 4 one amazing right that's amazing in one year and again the way the school worked was not every pilot not every Navy pilot went through this course it was the best pilots when they got to Vietnam they spread the wealth of knowledge hey this is where I learned that Top Gun this is what you should be doing in dogfights so they spread the knowledge to the rest of

the naval fleet it's pretty amazing now this notion of breaking the world into four quadrants that's a very MBA type of thing to do right I know we had some MBAs in the audience in previous sessions it's not very mathematical I teach systems engineering at the United States military camp night at West Point and I always tell my cadets give me some numbers or at least justify it right I don't know where this scale is so again this is not from a mathematicians perspective but now if I add one more criteria okay now it is in thinking inside the box right not just a square anymore we are thinking inside the box now it's a 3d representation I'm doing

it in 2d format still now this notion of offset potential right where do we get high offset potential from high impact types of innovation versus lower impact types of innovation well that's going to be in the top two quadrants right revolutionary and breakthrough innovations they change the landscape when CEOs when you read those books those business books they're telling you take risks change the world they're not tell you to take take risk and sustain evolution that's low-hanging fruit you should be getting lots of success right that's not where you impact the world you impact the world two revolutionary breakthrough touch innovation so this is what a more representational graph would look like even without numbers yeah I know it's

still not mathematical well how about if I now change that offset potential criteria and call it probably success pause this graph changed now why it's the opposite right again with the evolutionary sustaining types and innovation we should be expecting right sixty seventy eighty nine percent chance success rates not so with revolutionary breakthrough and that's what I want our leaders to understand when you're doing revolutionary breakthrough innovations expect expect failures at SCOTUS at the keynotes talk yesterday he was talking he's doing revolutionary innovation in my opinion i buying all these internet things devices is he failing at sometimes yeah I remember his big failure he wiped out his entire database that's a that's I call that a big failure that's not a

small failure we kind of let learn from smaller failures but for him that was a good failure right he's going from it you started backing up daily all right that's a good failure still not from a mathematicians perspective but again this would be more of a representational at least from a scale perspective okay we want to go for the revolutionary breakthrough types innovation if we want to impact the world impact in different ways if we want more success more probably assess go for the sustaining and evolutionary innovations okay so again I tell my kids I want numbers so in this case I looked at the revolts that happened across the Middle East North Africa back in 2010 2011 we had a

street vendor whose vegetables and fruits got confiscated by the Tunisian police right he wasn't allowed to sell his stuff in his case right that was his livelihood so what'd he do he self-immolated himself and with that right it spread that one incident spread across 13 other nations immediately sure there was a lot of right there's a lot of social media right Twitter right Twitter gave and LA there was also this thing called WikiLeaks if you remember that time 2010 yeah US State Department cables they got posted on Wikileaks State Department embassy personnel even ambassadors telling us you know these countries that we work with they're kind of corrupt we really shouldn't be doing business with

them and they detail that right this is the level of corruption are doing so again that didn't help so we had a lot of revolts taking place throughout Middle East North Africa so which one of these countries actually revolted successfully revolted well we had to need let's look at this Tunisia actually did fall they were the first of all their King fled okay so the new the revolution took over we had Egypt Egypt fell in about three days Yemen there's still a lot fighting in Yemen but that King fled having fled to England and we had Libya right Libya Gaddafi he got killed two years afterwards so but his government fell I don't consider Egypt a true revolution

now who took over the on after the third day in Egypt military the military took over so again when I'm talking revolution right think true revolution it's gotta be the people that take over when a military takes over I call that a cool a military coup rights distinction there right because the military has the government governance has the equipment it has the training it has the people that can't start a government or governance immediately after power takes over right that's why in the US military I am a product of that when you think of efficiency please do not think of the US military we are inefficient because of this arc our founding fathers they've they studied history right remember

Romans you remember the Romans it's bad when Julius Caesar brings his his legions across the Rubicon right never want to see the legions cross the Rubicon that's too close to Rome so that's this notion of militaries can immediately take over governments or take over governance of countries which is why we see that happening across South America Southeast Asia South America yes sure we train a lot of those dictators as well there used to be a school called school of Americas down in Fort Benning Georgia yeah we trained a lot of them right between them in warfare our training and military doctrine sometimes they take over their countries later after they graduate right Noriega we have

Babis so they renamed that's cool right yes over the previous speaker talking about renaming things Patriot don't call it idiot call it Patriot yeah we the army does that a lot we rename things when they don't they won't work out too well for us so this notion of military crews right I've been military for 23 years now and I've moved 11 times that is inefficient right there's no way you can get in gain efficiencies by moving back that quickly when they move them the military leaders that quickly that's structurally there are to bring in efficiencies is structure you there to help ensure that the soldiers not pledge allegiance to the military leaders as the Romans did or as in North

Korea right everyone North Korea pledges allegiance to Kim Jong moon okay in the Romans right the Roman generals fed bathed paid the the conscripts right they gained the freedoms from the Roman generals so in the American system right our founding father said hey we don't like that system we want a strong military but not too strong that about we take over the take over the nation's okay so here's the map I always tell my cadets do not let generals do math in public so here's the mathematics unsuccessful revolutions about 71 percent successful dilution is about 21 percent there's one that's not showing okay there's the question mark Syria doubtful right it's still fighting lot of folks still say that Syria could fall

I've started counterinsurgencies before starting cyber warfare now that Russia is supporting the Assad regime it's tough for us too it's gonna be tough for us to break that strangle hold right and I'll show you again why this is so because once the once the government is starting to fight the rebels right the insurgency's that's a bad sign for the insurgency they normally fall and hopefully I'll show that in another graph coming up okay so this notion of revolutions right well I think Hollywood gives us this impression that revolutions are easy right in this case I said looking at the past sometimes is helpful and the way I look is with numbers I kind of like to think of Major League

batting average at best that best Major League batting average forcing Bates but knew that welcome very welcome oh yes be a lot so I tend not to think so much I'm more of a Star Wars fan take that really our Star Trek Star Wars

this episode point 5 I guess you wanna call rogue one they give us this notion yeah we can we can beat the best boss right however I told you the problem is my favorite Star Wars movie is The Empire Strikes Back episode 5 because when Darth Vader and the Emperor figure out these rebels are causing problems that's a Death Star Overland breaks inside it's hard to see right they kill they don't worry about the they don't worry about each individual rebel right they don't you worry about each individual Jedi Knight they use a death learn just kill the entire kill entire planet they think there's a rebel base there ok so that's what that's why I

think going back to the Syria Syria is a playing out of Empire Strikes Back so that's why it's gonna be tough for a song or at stuff for the rebels to really take hold of that country because the longer it goes the more salt has the resources right the u.s. is playing resources sure to Syria but it's not a concerted effort because there's so many split out rebel rebel teams there now this is the other way of looking at revolutionary types of division through a timeline instead of through the quadrant system you can look at through a timeline there's another way of looking at it so most innovations right again from with bomb to quadrant sustained in

evolutionary incremental innovations is not like there's no innovations taking place innovations are taking place we're just at a slower pace the innovations take pace a slower pace because I remember I told you these types of innovators they are catering to their best markets the biggest customers ok so if your king or your best customer are you often you often leave the little guys behind alright so a lot of you guys in the security practice cyber security business there are a lot of tools out there that don't exactly do what you needed to do so you hack it and you do something else with it that's why I think this notion of disruptive innovations revolutionary revisions fits very well with hacker

community because this is where the breakthrough jumping the curve happens it jumps the curve because right it's going beyond what the mark is expecting it's a new market now revolutionary innovations are a little different it's coming from below the curve cannot even happen right how can you have an innovation that is far below what people already expect from a product or innovation because this is what a revolutionary innovation is it is appealing initially to a new emerging market it's far worse on at least one or two mainstream areas okay but here's the thing if it's successful improves that such a rapid rate that can overtake the folks in green do you believe me it's hard to believe that how can this how

can this happen well these two researchers Joseph bonk Lincoln Christians and they're at Harvard MBAs they studied this phenomenon it's amazing Xerox versus Canon if you remember back in then in 1970s early 80s would Xerox build they built print divisions right the best customers with Fortune 500 companies universities big government agencies print divisions size of this room printers I could do everything Cole a staple hole-punch rights or they did it all for you but they're huge machines so Xerox kept building bigger and bigger machines because that's what their biggest customer wanted we want new features all right we want an out prayer on plastic film you now want to print on stock paper we all wanted to print on heavy

duty paper wood cannon whoo cannon focus on consumer yeah the home-based market Xerox left Academy when Kenan came out with their home-based printer far inferior right quality wise didn't have the resolution a Xerox so Xerox laughed at Canon that's probably a good indicator you're probably doing something right IBM versus Apple same thing IBM focused on the mainframe why would Apple why would you create this inferior product why would anyone want the same for your products or it's cheap but we have a mainframe does everything Apple kids the home basic user much cheaper right that was the the price differential right the mainframe was huge only a top Fortune five companies and universities could afford them what

about a different area not in the high tech this was a little different this was a shock to the system right the Big Three automakers versus the Honda's intuitive's what happened in 1960s 79 1979 gas prices right they doubled high they Iranian oil embargo right they remember our go yeah I tell my cadets do their literature reviews on movies I'll be okay with that they don't need to study green stuff just watch movies so if you remember our goal right then we had these hostages and and so with that hostage negotiation when yeah President Carter said no oil prices doubled so what was the what was the performance feature that people will value to 1979

night ladies miles per a miles per gallon right before that Americans liked big vehicle spacious vehicles and we liked thrust we like that that Billy to go quickly right with that oil crisis yeah it was Honda's it wasn't quality just remember it wasn't quality initially right quality was probably gone right probably a little worse than the big three it was fuel efficiency right crap terrible cars right floored GM Chrysler said we're not going to we don't play in that space we're gonna give you the economy car market cuz we don't play in that space low margins okay so quality didn't rise until probably in the late 80s okay but once they started rising with the with

market they started getting market attraction then quality improved as well what about today anyone still have a blackberry but I have Bok Boro right the government I told you inefficiency no there's still some there's still some security features on the blackberry there that the government likes ok but we have my phones too but again efficiency right not the government blackberry what was blackberry what was their one feature that they couldn't get rid of keyboard right if you remember that the height of blackberry probably the first year in President Obama's administration right right they called the CrackBerry right even President Obama was always on it it was always the keyboard they even had races they you had to race right if you

remember that on those late-night shows they had guys texting each other with their guys competing on Morse code things like that I mean the keyboard was right blackberry could not divest themselves from the keyboard because their main customers why he would actually one bigger keyboards right blackberry kept one how do you make it ergonomically so that their customers could do well did you ever see a grandparent with a blackberry I never saw a Grandpere with a blackberry so what did Apple what Apple focus on for the iPhone simplicity right some folks will tell me it's apps customization but simplicity kids are using right Python grandparents are using the iPhone right do not ever mess up I don't understand why tech companies

whenever you come up with an upgrade modify the visual display dude have you ever seen a grandparent complain when we have a upgrade on a system word where did the login screen but where did what do I type in my password it used to be up here now it's on the bottom I don't my tech companies do this right apps yeah you're appealing to different markets if you're killing simplicity's you could go with simplicity so again I always get this question okay yeah okay we have tech yeah even some of the automakers we have this notion of revolutionary innovations does exist anywhere else it exists everywhere I look ok before I get into that though again I just want to

highlight breakthrough and revolutionary innovations tough to do right 20 30 % okay so even with all these successes there's failures so if you look at some of these other examples sports TV shows news restaurants TV shows what's right what's disruptive what's revolutionary with TV shows these days yeah YouTube I think YouTube is yogge really right anyone who can make content you don't have to be a big business NBC studio make content now youtube film yourself my eight-year-old nephew right he put a star a lego 10-second clip of a lego actually figure hey he's his own producer he's an actor too own writer I'm thinking for me I'm thinking all these all these reality sitcom shows

back in the day right in the 70s was the game show is that was the revolutionary thing no script you just get people to play a game now it's reality TV a lot of reality TVs don't make it though right my reality is that Tunisian audience so again a lot of failures associated with the revolutionary innovations what about what about restaurants I think almost every restaurant and any new restaurant I think is trying to be revolutionary because if you think about it they think their product like their food is better than everyone else's so I'm gonna start a restaurant I have no word of mouth no one knows me other than like maybe family and I'm trying to

start this restaurant unless of course you're getting a franchise right if your franchisee you're in the green space right because you're already you have existing customers you have an existing pipeline give everything is existing all you're doing is buying into that system with the new location but if your new restaurant unless right Who am I thinking I'll break through anyone watch the food channels where they have the guys doing scientific molecular gastronomy as I guess that's what we call it right guys using blowtorches and what liquid nitrogen to make new food I think that's Python the breakthrough side right in the blue screen but almost every new restaurant if you're not in the franchisee business I think you're

you're actually trying to say you're you're revolutionary it's tough to do restaurant business tough sports anyone can think of sports revolutionary type of example he gave us I can't explain a little bit more that you games oh okay you're so you're talking about the arcades the World of Warcraft competitions okay so you're thinking off on a macro level silo level okay I like that that could probably work yeah so it's no longer well we went from gladiators right I'm going all the way through history of gladiators to sports now excel got tronic sports okay I'm thinking more of does anyone remember Michael Lewis's Moneyball he wrote about the Oakland Athletics the baseball team and they were trying to

compete with the likes of the Yankees and the Red Sox the folks write in green the Yankees and Red Sox the green right they have the money they've got the Alex Rodriguez they've got the Jeter's they've got the money to buy essentially the entire Oakland Athletics teams what they rely on they relied on statistics right sabermetrics is what they termed it all right this whole notion of using statistics what's relative able to you to try to get a competitive Vantage okay and if you watch the movie even his own coach didn't believe him right he was hey these guys can't pitch they've got a funny-looking pitch this guy can't hit a ball right but he steals base he gets on

base all the time right he's always getting hit so he gets on base so they were looking at at the statistical modeling to hopefully map some advantages that the big players the big markets right the New York's the Los Angeles that they can't get in Oakland okay and I for me I think it's everywhere everywhere I see because I do this as part of my research I see it up even in research I have PhDs that tell me you can only do PhDs and things especially in in cybersecurity on 0 gave zero day vulnerabilities that's the only thing to do research on folks the previous talk talks about Internet of Things exploitations holy smokes we have a lab on inner things devices we

Google all of that right you google and find the exploits while we have research that tells a PhD guy says that's not real research and he lasted them that's revolutionary I call I look at that the inner things lab has a revolutionary innovation we're trying to find faults in systems and we find it by available resources Google alright YouTube it's already someone's already found it for us okay or the manufacturer puts right the Badman passports in there for us and there are default passwords can find it so how do we best protect cyberspace again I'm normally giving this presentation to military folks so how are you I've been talking about revolutionary innovations but the reality is right we do need

revolutionary or innovation I'll focus there but we also need breakthrough we also need sustaining and incremental so we really need you all for okay but here's the problem I don't think we do enough revolution in the military right in the last few conflicts now I'm not talking about cyber warfare but in last few conflicts where we really haven't out right one right starting with the Korean War gentleman Arthur consistently underestimated the Chinese military strength McArthur he beat the North Koreans right they had he decimated their military but once we decimated the North Korean military we had these volunteers or Chinese crossing the Yalu River the amak River about a million all together I had volunteers million

Chinese MacArthur relied on his Intelligence Surveillance reconnaissance at that time right in 1950s he was relying on what film right aircraft that could see the ballas battlefield what's problem what's problem with film technology nothing shows up at night whether or not the Chinese military figured it out or not they only operate it they operate exclusively at night their major movements MacArthur's j2 I'm a g2 we call that the intelligence officer for our Army's our army folks will know that right s2 sgts the our Air Force is an a to Navy as an end to j2 as the joint to MacArthur's j2 his Intel officer told Huck's consistently underestimate the Chinese military strength by a factor of

10 for you every major engagement you cannot win a ground war when you underestimate your enemy by a factor 10 you can win possibly 50% of time if you overestimate them by 3 but underestimated up by 3 but if you underestimate them by 10 you're gonna lose a lot of battles no matter how sophisticated your military is that's what happened Vietnam War I tell you some successes earlier with the the establishment of Top Gun with the Navy's death penalty but really for the Vietnam War we could never stop we have a hard time stopping this thing called the Ho Chi Minh Trail there was hard for us to stop the supply lines that the Vietcong and North

Vietnamese are using right from 1965 1968 we bombed the heck out of what we call the Ho Chi Minh Trail right there were illegal right on the illegal secret campaigns bombing over Laos blocking over Cambodia over in North Vietnam trying to make sure we could interdict these supply lines right if we could only stop the the Russian supplies into the North Vietcong and then what via maze or there may be a peasant army we can obliterate them we couldn't do it yeah we bought what was the problem of the Ho Chi Minh Trail well it was never initially it was never a tied to a road network it was over mountains right it was dismounted

infantry types of supply lines some guy carrying equipment on his back so if a bomb falls on that position what do you do as an infantry guy we call it in the military terminology we called a bypass military is a bypass right you divert Iraq Afghanistan what's an ie D can anyone tell me when I you d stands for improve the heights it's in the name improvised it is not even a true weapon system design for it would do what it was supposed to do right its existing dud weapons initially lauded weapons right gutted munitions brought on da field they put like pressure plate timers on it command detonated the curing eventually they got more sophisticated right they got copper

plates to form then they had cell phone wires connected to it for a detonation but it's improvised okay it's not even a true weapon system so here's the problem cyber warfare here's my here's my assertion nearly all malware initially discovered resides initially in the disruptive space so think about that narrowly every malware discover for the first time originates from that disruptive space hmm we've heard speakers throughout the day here right they've been telling us the attackers always got the advantage over defender they're always one step ahead of us well I'm saying we have a step to have us because we haven't figured this out we haven't figured out that most malware is originating from disrupt space because

here's where our defences relied on so when we thought about military defense for our networks we think breakthrough sure there's also evolutionary sustaining we leave out revolutionary a lot of time is revolutionary defense is not talked about and here's the problem on the offensive side told you as a military intelligence officer once again I see a gap I see a gap between breakthrough offensive cyber innovations true thing is it doesn't need exist right everyone talked throughout the past two days here at besides Washington DC we've been talking about hey your back doors you can find the back doors that's this whole notion of disruptive revolutionary innovation you're gonna find the back door it's give enough time

well you fail sure you fail you keep trying right all you need thirty percent success rate twenty percent ten percent rate as long as you get through okay the problem is it takes too much time for breakthrough right long rd times long manufacture times lots of expense same probability success though with disruptive same probably assessed with revolutionary so guess what if we will follow this small of course we're gonna be a step behind I'm surprised we haven't lost yet with this with this mentality this is a pretty amazing sure there's a little bit of triangle in each right I counts text net I count Stuxnet as part of that breakthrough type of minimization I can't confirm or deny who

unleashed it alright but consider Stuxnet a breakthrough type of innovation sure advanced persistent nation threats yeah they are doing some breakthrough types of offensive innovation sure the NSA is doing a lot of that stuff right here's my concern my real concern is what happens with my advanced persistent threats they're not they're not satisfied with this this stuff shading red they're gonna go breakthrough when they go breakthrough we are no world of hurt because not only we have we lost the revolutionary space right we're not doing breakthrough very far right this whole notion of AI automated immune systems DARP was doing a lot of it it's good work it's a good question comment

but what you're saying about is yeah might be illegal yeah yeah yeah yeah yeah yeah I hear what you're saying I'm I'm tend to be an agree with you but I'm gonna I'm gonna I'm gonna actually restate in a way that's a little more positive because for me when I heard that right it used to be if you're a hacker if you're a hacker back in maybe even five years ago three to five years ago could you legally report to a company that you found a flaw you're probably arrested right you couldn't do that about five years ago they started hey we have all these hackers they're not blackhat hackers right we call them grey hat white hat hackers they want to

help us out isn't that leveraging these not being like a MacGyver isn't that leveraging existing talent existing folks who are patriots who want to improve cybersecurity but they have no mechanism to report that changed about five years ago right now we're allowing bug bounty programs even the Pentagon last year start for the first time under our secretary Carter ash Carter he started packed the Pentagon we're saying hey there's a bunch of resource out there revolutionary disruptive hackers hey calling all hackers hacked us tell us what war weekend you're gonna find our weaknesses I'm not gonna pay a consulting company to Red Tent red team anymore I've got you guys out here you hack me you tell me I'm gonna give

you a reward yeah sure the reward sometimes is hey I got a t-shirt that says I hacked the Pentagon that's good that's good right some of the some of the some of get they're giving monetary rewards now but the reality is as a hacker sometimes the t-shirts all you want that's Mike on these conferences right kind of con you all these t-shirts you can get a beast size of our CDC car okay but again think of it's not necessarily going into their space I'm thinking things like cyber hygiene right I mean hard talks about that cyber hygiene is a disruptive revolutionary innovation if you do it right this how this bug bounty program I'm thinking cyber education for

me cyber education is huge the more I learn about we are doing cyber education long this is terrible we are in this green right the green space for cyber education we've got to be in the red space how do we get more disruptive to get our young folks I'm actually not I thinking young folks I'm thinking not the folks in this room but the adults the young folks get it the young folks they understand it cuz they're living cybersecurity so they get it I'm worried about the adults right they were thrust into the cyber space right we have computer Internet of Things devices are all connected internet of everything right I call it insecurity of everything

but but the reality is how do we get our old folks all right to do better cyber hygiene cyber security practices the young folks I think is we're gonna get that that's not a problem it's the old folks are using folks but great comment thank you now my last slide here's where I start giving words yeah here's a again so this is probably my most important slide right I told my cast right if you actually do pictures instead of words I think that more MORE I think that's more storytelling if you want to do revolutionary change you have to first recognize that revolutions most of them fail I don't believe Hollywood or most revolutions fail and that had best right I'm saying

10 to 30 percent it's probably in the in the low teens or even single digits true revolution right because the risk of dying is bad for revolution right because if I were the British if I was the British and I was if I was advising whoever the King was at the time who was the King during the Revolutionary War King George if I was advising King George I would have told him hey you know the revolutionaries they're a fractured bunch right they're not oh they're not all gonna risk their lives yeah I should the guys who signed the Declaration those are the guys you want to kill right all those guys who signed back let's kill those guys everyone else

hey get them on your side all right we do that all the time we should be doing that all time when we're talking about revolutions okay don't kill your way out of it kill the guys here the two leaders and then sway the other folks that's all you need to do leading companies right in green make it tough if lead companies are smart they're not gonna let a disruptive revolutionary force right don't let the rebels gain a foothold use your Death Star blow up the whole plan if you can keep that best star up there that's the key thing now here's what I recommend if you want to start revolutionary ideas and innovation I preferred that last point be an early

adopter of promising experimentation a lot of these recommendations come from a book called competing on the edge of chaos by Kathleen Eisenhart and Shonda Brown Kathleen eyes and hearts a Stanford University professor and Shauna brown a Harvard Business professor and they came up with a lot of these types of thoughts if you want to be encouraged these revolutionary ideas the best one they recommend is being early adopter promised experimentation right yeah you can you can do your own disruption you can form alliances you can actually outsource it and then buy it off right you can do lots of things they said this notion of experimentation is critical and finally if you're doing experimentation kids learn this right I

gave a talk to the side of stem conference to their fifth graders to high school students they know it right in chemistry class in your biology class you're doing experimentation kids know this yeah I think as adults we've sort of forgotten experimentation I try to teach to my cadets right go back to experimentation you're doing experiments for a reason make sure they're small scale all right we tend not to learn very well from large experiments that fail they're too scarring right PTSD don't small experiments are good small cheap and fast and this whole notion of thinking inside this box for innovation right it is 3d now all right let's not just square and so it's cool to be square but

I'm talking about inside a box of that third dimension I'm hoping that it creates right by understanding the distinction within this box of innovation I'm hoping it encourages creativity and outside the box thinking and so with that I just want to conclude with this this notion of not experimenting when we are not doing experiments especially for revolutionary or disruptive types of events right this is what happens right we lose this space if we don't experiment in this space especially the cheap ones we lose this notion of what EDD SCOTUS was talking about in his keynote this notion of playing right this notion of getting our minds ready to work on small things so we can get the big things right

cybersecurity is a big problem get the small things right so I am in favor of not just as non zero defects mentality for our military you might have heard that from colon Powell by a decade ago he was talking about it's good that we have a nonzero defects mentality now I'm saying that's not enough I'm saying that's not sufficient for cyber warfare I want a military I want a military that's experimenting especially with what's relative ailable with the cheap fast experiments on disruptive and revolutionary types events right be a MacGyver be a Jason Bourne be a Tom Cruise in a Top Gun type of scenario that's what I'm encouraging and with that I'd like to thank the fun time and

the rest of the B sides team all the folks with the the red badges in the back all the folks with the orange badges and even the sponsors around all the folks in the green badges I want to thank them and give me the opportunity to speak if there any questions I'm gonna be here for another hour at least but feel free to email me if you like the slides I have a couple papers on this as well trying to get that notion of one of our mission statements to promote the body of knowledge so if you're interested in this I do have a paper that's been published I can send out your way it's it's a little more the

paper the ideas in the paper are let's put it this way are a little more refined right when you have to write things down head of a little more precise a little more fine-tuned with my language for briefings I can sort of play off with my audience to try to make sure that the encouraged the disruptive notion already that's already inherent within the hacker community in the cyber community the I'm only concerned with the the breakthrough space if you're a Microsoft right you're Google right one of the big companies if you're a big company yeah I'm gonna encourage you to think revolutionary disruptive by buying out right I'm good you guys buy out some of the smaller companies about a thing

and revolutionary ideas but a lot of cybersecurity even like the companies outside even a lot of companies I've met outside they're doing a lot of revolutionary innovation okay because that to me is encouraging that's that's why I wanna encourage from a military thinking more like the environment here in the B sides with that I'll open up to any questions and any thoughts and I thank you for attending [Applause]