Mike Brown, director of the Defense Innovation Unit, speaks on a new era of innovation in technology and national security as part of the Aspen Security Forum in Aspen, Colo., July 19, 2019.
Transcript
Good morning, my name is Alan Estevez. I’m with the Lloyd’s Defense Security and Justice Sector. In a previous life, I was the Principal Deputy Undersecretary of Defense for Acquisition, Technology and Logistics, where I had the great pleasure of overseeing DARPA and the lab infrastructure of the Department of Defense. The reality is, that while the Department of Defense has a great R and D infrastructure, the Department of Defense relies on partnership and access to technology produced by the commercial sector. In order to sustain its overmatch and in order to deter and defeat potential adversaries, the Department of Defense has to have that access. In addition, it’s not just gonna be the kinetic weapons that we’re used to in the previous wars of missiles, ships, tanks, airplanes. It’s gonna be ones and zeros that win wars. So I think this is a very important panel for us to listen to. I’m pleased to introduce Kara Swisher, co-founder and editor-at-large of Recode. She’s been called Silicon Valley’s premier journalist. Kara’s also producer and host of the Recode, Decode, and Pivot podcast, co-executive producer of the Code Conference Series. She has written in The Wall Street Journal and the Washington Post and is the author of several tech related books. So over to you Kara.
Thank you.
For this great panel.
Thank you very much. So I wanna get started. We’re gonna talk about a wide range of things, because I think one of the things that’s important is to consider the role of technology. It’s been brought up in a lot of panels along the edges. Coming from Silicon Valley, it’s pretty clear that most of the technologies being used are gonna be critical in the years ahead, and have already been to start with. Even just this week with national freakout over the FaceApp which apparently Vladimir Putin is trying to steal American faces. (audience laughs) I don’t know why, but he is and it’s very dangerous. It is actually about the bigger issues of the ongoing global cyber war in lots of ways. So we’re gonna talk about a range of issues. We’re gonna have each of them introduce themselves. And you know we have to talk about the players, what the U.S. needs to do, what it’s not doing, the talent necessary for what’s coming, and what the big technologies are gonna be that everybody needs to pay attention to. Yesterday the Admiral talked about the idea that this investment needs to be ongoing, very critically knowing that China would probably surpass us militarily, especially in the technology sector by the mid-century, I think that’s what he said. They certainly are already doing that commercially in a lot of areas, including AI, automation, robotics, and some critical areas. So we’re gonna talk about talent and where it’s going. Why don’t you, each of you introduce yourself to explain this very diverse panel of white men in blazers here, (audience and panel laughs) which makes me feel comfortable that I’m in Silicon Valley, except it would be t-shirts. Anyway, please start.
Okay, Michael Brown. Today I’m the Director the Defense Innovation Unit, which is headquartered in Silicon Valley, but with offices in Boston, Austin, and in D.C. And I’ve spent almost my entire career in the private sector, CEO of Symantec, and before that CEO of Quantum.
And Tucker Bailey. I’m a partner with Mackenzie and Company in our Washington D.C. office. I help lead our cybersecurity practice in North America and I also serve the Department of Defense and the Intelligence Community.
I’m Edward Screven. I’m Oracle’s Chief Corporate Architect. I provide direction across all the engineering and technical work that we do. Oracle Labs reports to me. I have various parts of engineering organizations working for me, and I’m in charge of security to Oracle, both our internal security and our product security assurance.
All right, why don’t we start with Edward. Oracle does an enormous amount of business with the government and provides systems and things like that to the government. Why don’t you talk first about what you think, right now, the biggest challenges, from your perspective, the U.S. government faces on the global scene.
Well I mean, I think… Yes, I think, sorry, I have a quite voice, I apologize. So I think the problems that the U.S. government faces actually are very similar to what our large commercial customers have traditionally faced, right? Which is when they thought about solving information problems and they thought about applying computer technology to particular problem domain, they haven’t really approached in a coherent, cohesive way. And so what they’ve done is they’ve built lots of different stovepipe systems with lots of different technologies that don’t integrate well. And in fact they spend a lotta money, far more money trying to integrate these systems and run the systems than they do actually acquiring them. And that’s the exactly the circumstances that our large commercial customers found themselves in a few years ago and are now improving. The security angle of that, is of course I built a lot of heterogeneous systems with lots of different interfaces with lots of different technologies and I have a huge numbers of human beings trying to keep it all running, it’s nearly impossible to make it secure. I mean you just cannot take a traditional IT infrastructure and have a high degree of assurance that it is secure. I mean we build a lotta security technology for products that we deliver to our customers, right? But after we hand it over to our customers what happens? Well lots a human being try to make it work with lots of other different components from lots of different vendors. There’s a much better way. The much better way is cloud computing. So when we built our cloud, where we run enterprise workloads, both for government and for private enterprises, we’re very, very focused on making sure that we have fundamentally secure infrastructure that our customers can consume and therefore become fundamentally secure themselves.
So what he’s talking about is, everyone knows what cloud, your email’s in the could and everything else, but the idea is that a lot of these systems are moving to cloud systems. The government has been much slower to do this for security reasons and largely because it’s largely incompetent when it comes to technology compared to most organizations and that they do on-premises work that is done by all these integrators, all around the Beltway, which used to be called the Beltway Bandits when I covered them for the Washington Post. Tucker why don’t you.
Yeah, so I agree with Edward’s point on the security architectures. One of the most acute challenges that we’re seeing is actually around talent. If you think about digital talent and the talent that’s required to compete and succeed in this space, the DoD is now competing with Silicon Valley. And when you look at the population of the skills that are required, I’ve seen estimates that the number of the 10xers, which folks from Silicon Valley are familiar with that. Those coders and technologists that are 10x more productive than the mean. The average of the those are in the low thousands. And then when you further winnow that down to the number that can get a security clearance that are willing to take a government paycheck, that are willing to go through the turnstiles and not have access to a lotta tools that they typically have, you get to a very small population. So how do you compete for that talent? It’s very challenging. Then there’s the point of, how do you actually… If you’re competing for that talent, and that’s a challenge, how do you also grow talent. And this is were the Department of Defense in the uniform side is starting to make great progress, especially on cybersecurity and some of these other domains. They’re creating career fields for these folks. But then you run into retention issues. Because right when you get to the point where they’re competent and talented, they’re now in extremely high demand and are being recruited away by the private sector, often at three or four times what they’re getting paid as a military person.
[Kara] Right.
And so then the military and the IC says, well we can compete on mission, right? We’re gonna appeal to their sense of mission, and they’re gonna have a platform to do that here. But if you look at cybersecurity professionals, if they’re defending the national grid or core banking infrastructure, that’s also mission related work, that’s national security, so that mission proposition starts to breakdown a little bit as well. So significant challenges there and happy to talk about more—
And you, yourself who worked for the government and then now is in the private sector.
That’s correct, but now giving back.
Okay, whatever you say. So in that area of talent, I mean you can underscore how much these technology companies need the talent, the main ones being Oracle, Microsoft, Amazon, Google, Facebook and others that have all these challenges that the government faces and can pay enormous amounts of money as their stock price is increasing and things like that. Can you just for a second, also talk about the idea of training and the problems of our education system, compared to a China, an India, and even France these days, which is putting enormous amounts of money into the training of more and more people to be able to do these jobs.
That’s a great point. It’s another challenge. And we looked at secondary and post-secondary education particularly for digital talent. And one of the things that we found is a lot of universities are building digital programs, AI programs, cyber programs, but under a traditional bachelors or masters degree model. And what employers and what the DoD, and the IC is saying, I don’t care if they have a bachelors degree or a masters degree, I care that they have these competencies. And they can be a philosophy major or they can have a GED, I don’t care, produce that kinda talent. And what they’re saying is, there’s a bit outspread between the kind of talent that they need and what the academic system is producing. And then if you look in the Washington D.C. area where a lot of this talent demand is for the U.S. government, the D.C. metro region produces three x more digital talent then any other metropolitan standard area. The problem is, is that’s only a third of the demand for that talent in the D.C. region, and most of that talent is getting recruited out of D.C. And going to places like Silicon Valley, going to Austin, where there’s a slightly vibrant, innovation community. There are start ups so they can go from, I’m gonna go to a startup, I’m gonna go work at a large company, I might go to academia for a little bit, and bounce around all in the same area. And D.C. is challenged in that way. But there are some really interesting programs where local employers, including the U.S. government and the IC is actually partnering with local universities to create certification programs to say, hey if you produce graduates with these skills, I don’t care what their degree, I will guarantee that I will interview a certain number and I will hire anyone that meets our hiring criteria. So there’s some good innovation happening there. And it’s also hindered by what is largely a homogenous group of people going into the sector.
That’s right.
Which is to say young white men, essentially versus all kinds of other populations that seem to be opting out of that. And even the main tech companies suffer from this, with persistent data that they put out every year that shows the same stubborn patterns of workplace make up, essentially. All right.
Well I could just talk around the talent point. I think that’s one of the reasons why Ash Carter set up the Defense Innovation Unit, because this is a way—
Can you explain that?
Sure, the Defense Innovation Unit, which he set up in 2015, was recognizing that a lot more innovation is happening, especially in certain sectors, what we call use dual-use, means commercial use plus military use. AI being an example, cyber, commercial space, which we’re gonna hear a little bit about later, autonomy. These areas where there’s a tremendous amount of investment relative to what the military is spending, and I include in that the defense industrial base, your traditional players. So in fact, in 1960 one-third of global R and D was tied to the U.S. military. That number today’s 3.7%. So it just show how much is happening outside. And if we want leading technology, if we want the military to have access to that, we’ve got to reach out and bring that technology into the military. So again, as it relates to talent, one way to have the folks who are out in those innovation hubs contribute, since it’s so difficult to hire if you’re the government, is to take advantage of what they’re doing in the private sector and bring that work in, which is something Defensive Innovation Unit does. We also have a program, Hacking for Defense. I don’t know how many of you heard of it. Real problems that the military has taken to the universities. So let’s get professors, veterans, and folks who’ve never been exposed to national security problems, all in the same room trying to solve these things. And hopefully some of those folks will be interested in the work that the national security community does.
So the challenge that you find, the most important one that you’re facing, is it’s not so much that there isn’t innovation happening, is it’s not happening, directed by the government. And the government’s best, probably best technological feat besides the moon landing, which of course we’re celebrating now, would be the internet, which it created. But talk about what you think the most challenging part of that is.
Well the most challenging part is, how do we take advantage of all that technology that makes our economy run so well and have an easier way for the Defense Department to be a customer? So now we have the challenge as the Defense Department to say how can we look like we’re an easy customer to do business with. So you can imagine that’s an aspirational goal that we have. We have authorities and process to allow us to go faster and what we’re trying to do is work at commercial speed, on commercial terms, not start with a big requirements document but just a problem statement that comes from somewhere in the military, I need this.
[Kara] Give me an example.
So a good example would be, how can we save maintenance costs on aircraft? Think of all the aircraft the military has. And so we went to one of the vendors of commercial airlines, in fact the vendor that supplies Southwest and Delta Airlines, and said how about thinking about working with the military. This is already a successful commercial company that really had no interest at the time we went to ’em working with the military, but the ideal kind of vendor for us to be working with, because they’ve got a successful commercial business to build on. Other people’s money, investors, had invested in that platform and that company will continue to innovate on that platform. This is the ideal kind of vendor for the Defense Department where we’re not, as the taxpayers, funding all of that development, and then the maintenance of that, which as you probably know is a big part of the military budget. And the Air Force, 60 to 70% of the cost is maintaining the fleet. So in this case we said, how about prototyping with one of the aircraft in the U.S. Air Force, a small volume aircraft the E3. We showed we could save 28 to 32% of unscheduled maintenance costs using AI and a platform and ingesting data. In this case, it was just simple logs, handwritten data. And now we’re pioneering that across different aircraft, not only in the Air Force, but also Navy and Marines. So this is the kind of idea that we wanna work on, that has transformative capability across the military, so not just working on one niche kinda problem, and create big benefits in terms of cost and readiness.
And it’s already being done, and innovated elsewhere and paid for by others.
Right, that’s right.
Paid for by the private sector. Edward talk about the technologies that you think are critical for government officials, not just the Defense Department, ’cause security is now everywhere, including election, including all kinds of things, and obviously Microsoft is showing off this election protection kinda stuff. Talk a little bit about what you think the key technologies that maybe we aren’t paying as much attention to that are critical for the government to be part of.
Well I mean I’ll tell what we focus on, what we think is most important for our customers, whether or government or otherwise. One thing that’s unique about Oracle is that we have a really wide range of technology, from the very bottom like CPUs and storage all the way up to very sophisticated applications. And so because of that it let’s us focus on defensive depth when we engineer products together. So instead of having to think about how are we are gonna build a secure solution that involves multiple vendor products, I mean we can create the complete secure stack. And that fundamentally rests though on that secure infrastructure level. So when we built our cloud, one of the things that we did, is we realized that we just can’t predict all the kinds of vulnerabilities that are gonna pop up in the world. And you saw this with Intel processors over the last few years. I mean flaws that no one could possibly imagined existing in these little processors that would allow data to leak from one customer to another if they happen to be running software on the same computer. So fortunately for us when we built our cloud, the way we did it, is we actually took all the security processing for the infrastructure level and we pulled it out, pulled it out of the computer that’s running the customer’s code. So when you use our cloud, there’s actually two computers involved. There’s a security processor computer and there’s the application computer. And so because of that, no matter what code, your code, a bad actor’s code, happens to be running in that application computer, it cannot breakout of the enclave that exists for that one particular customer. Okay, and that’s just kind of example of when you move to cloud, just having a different way of thinking about the problem. That’s not a kind of solution that any customer could have built for themselves. It’s not even a solution we could have built ourselves to deliver to a customer, but it is something that we were able to build in our cloud. You know going along with that, of course, I think is we’ve done a lotta work in terms of artificial intelligence and machine learning to observe patterns of behavior that we see within our networks, in order to help us detect incidents that we should investigate. So at the very lowest levels of our infrastructure we’re scanning all the packets that are flowing through our network looking for patterns that indicate, not necessarily match some bad behavior, ’cause that’s not enough, because new kinds of bad behavior pop up all the time. What matters is looking for patterns of behavior that are different. Okay, so when we see some variance from what we expect, well that’s something we should look at. That’s something we should investigate. Sometimes it’s perfectly, in fact most of the time, almost all the time, it’s perfectly fine. It’s just some different kind of application. Sometimes it’s something which actually shows some customer’s actually been breached through the software they’ve connected to the internet.
Or just watching what comes over, I mean you see this in the commercial space, with Facebook trying to identify…
Yes.
All bad actors, essentially, what’s happening across—
Yeah, which you know, so I think that’s… That’s why, I’m actually—
[Kara] They’re doin’ such a good job.
I’m actually a cybersecurity optimist. It’s very easy to think, hey, the world is ending.
You’re the one.
Yes. The world is ending because there are state actors out there, and there are, right, who are very aggressive, very talented, and incredibly well funded. And there interests are not commercial, and so therefore they don’t take advantage of the flaws they find right away. So they could be there for years, just waiting. But the reason why I’m an optimist is that in fact, the kinds of things that we’re building at Oracle in our cloud, and just cloud computing in general, it’s actually changing the asymmetry that used to exist. I mean in the old days, two years ago, three years ago…
Two weeks ago now.
What you had is vast numbers of IT installations around the world, managed by large numbers people, who have to do everything right everyday, not to be vulnerable, so of course they’re vulnerable. And then you have a cadre of attackers out there looking all the time, looking for vulnerabilities all the time. And it’s just madness. You have one attacker, thousands of potential targets. All of those thousands of potential targets have to invest large amounts of money to try to be secure. That’s just grossly inefficient. They could never spend enough money in aggregate to be secure in aggregate. But if you concentrate, if you use Oracle cloud, or the technologies like that, okay well now there’s many fewer places that we have to defend and we can afford to spend a lot of money securing that infrastructure because it’s used by thousands and thousands of customers.
Well the vulnerability is that there’s one now place, so that if it does get attack that’s—
Well I think, yeah, I’ve heard that, that sort of argument before. I don’t really buy it, right, and the reason why is that if you look at a cloud infrastructure, you can’t possibly build it and run it, unless it’s homogenous. You couldn’t afford to do it. And because our cloud infrastructure is homogenous, we can watch it very, very closely, and we can apply technologies to it that we could never dream of applying in a more traditional, kind of, IT set up.
So one of the parts that gives advantages though to those who are, however, malevolent, or stage attacks on the internet is the idea that they’re work is within the military, like in the Chinese military, that’s a path for upward mobility in China. Same thing with Russia. It’s very closely tied to the government in the ways that it isn’t here. Talk about what we need to do to combat that. Because I think our only thing is to have competitiveness, right? Talk about what we need to do to improve that, ’cause we’re not gonna have a cadre of people in the military that are gonna stay there. We’re just not.
Right.
It’s just not gonna happen that way.
No it’s a great point. And so there’s a couple of approaches. One is fundamentally rethinking the talent model. So instead of a 20-year civil service or a military system where you do your 20, you get a retirement, everything’s great, that’s just not the way the workforce is working today. And Silicon Valley and other places have adapted to that. The U.S. government has not by enlarge, because we have these traditional career paths. So a couple things that I’ve seen the government doing to be successful there, is for certain skill fields, and cyber is one of those, they finally rethought a couple of the models. So there’s one model where we’re gonna bring in young cyber warriors, and the value proposition is, we’re gonna train them, they’re gonna have a three to four year commitment, and then the expectation is that they’re actually gonna go out into industry into private sector.
So they can learn the new stuff. ‘Cause what happens is people that are in government don’t know the latest, or haven’t been working.
That’s the hard thing.
So the cyber warriors that come in, they have really cool pocket protectors. No, I’ve never heard of cyber warriors but okay. So they would come in for a short time. Which a lotta people, they’ve been trying to do this, with some mixed results.
Correct and so the next horizon is how do we think about an in-out-in model, where maybe we train them, maybe they go out to private industry, sharpen their skills out there, get exposed to that, and then do we have the mechanisms to bring them back in.
Right.
And right now, that almost takes an act of Congress to bring somebody back in, find a job description, go through the clearance process. But how do you reduce some of that friction, so that folks can job hop to some degree, which is something that you see quite a bit for this talent?
You know so what would be a good example of that, ’cause say they’re in a military service or they’re in a government service and then they go out to Silicon Valley, which I would call assisted living for Millennials, because they get everything they want, dry cleaning, free kombucha stands.
That’s right.
A massage, but not the Jeffrey Epstein kind and then others. (audience and panelists laugh) I mean come on, all right, anyway they just get a lot. They get a lot of perks, including money and everything else. It’s a very comfortable place. How do you then create that, besides appealing to patriotism?
Right.
Which I think is what they have been doing.
Right, so there’s a couple ways. One is, can we actually start with a longer-term arrangement, either with the individual or with those companies. So for example, take a Google, right? You’ll come to DoD, you’re gonna serve for four or five years and then we’re gonna guarantee a certain spot, a certain level with the company, with the expectation that someday you’ll back. Maybe it’s a requirement, maybe it’s not, ’cause you wanna create that dynamic marketplace and you wanna keep your own value proposition sharp. But also as you think about, what are the skills that we need to build, which may not be in our Cyber 101, for example, training pipeline. So let’s say you come to the military for four years, you’re an offensive cyber operator. You then go out to a utilities company, and you’re working on the defensive side. You’re now learning SCADA systems, industrial control, you’ll learn vulnerabilities there and then you can bring that back into the government as they think about holistic kind of national defense for cyber. And then also on the offensive side, because they’ve been now exposed to specific capabilities which are in demand.
And these companies are fighting nation states, I mean you really are. I mean which is one of the problems is that they aren’t getting as much, they’re doing the work the government used to do.
And Kara this is a huge challenge. Because if you’re a big bank, you’re seeing losses everyday from cyber. The fraudsters are very sophisticated, using the cyber domain to commit fraud, steal money, et cetera. So the business case is there for them to make the investment, because they’re encountering day to day losses. If you look at utilities players, big infrastructure providers, they aren’t seeing the day to day losses, because their adversaries aren’t the fraudsters, they’re the nation states who have that persistent presence, can come in and sit and wait. But because they don’t have the day to day losses, often times the business case breaks down when it gets to the CFO, and then there’s a bit of a perverse incentive, which is, if we have a bad day, it’s a national security issue, and the U.S. government will come in and help us. And I think the reality is, is the government just not equipped and resourced to do that at that scale.
Which you kinda saw at Facebook. They kinda got into that book and it got too late before they understood what was happening there, or maybe they did. We’ll see.
And that’s a fairly minor example right.
If you think, we’ve been talking about great power conflict, if you actually think about great power conflict and activities in the cyber domain, we’ll be at scale commensurate with happening in the kinetic realm. Right, can we scale rapidly enough, not just to defend DoD networks, but critical national infrastructure.
Including electrical grid.
Absolutely.
And things like that. And do you think about that, the other things. ‘Cause defense is now more than, you know in this recent back and forth with China for example, and Russia, we’re disrupting their networks, they’re disrupting ours. Is that part of the purview now of these workers, that work for you and the idea of what we need to defend from? Well it’s always been the idea that you can send an electromagnetic whatever.
Well in the Defense Innovation Unit we’re focused more on what urgent war fighter needs can we solve with commercial solutions, so we’re not working at the national level and the competition. But of course we do spend time thinking about that. And I would just offer that what China is doing, and in my mind, it’s the most strategic threat of our generation. We could talk about declining powers and other dangerous places in the world like Iran, but if you look over the long-term, the next few decades, China is the relationship that we have to understand and get right. And we’re, in my mind, not doing the amount we should do to prepare for that. So none of us alive have ever lived through a time when there’s another economy that’s bigger than ours. And I happen to have the view that national security follows economy security and prosperity. And technology is the new battleground that allows economic prosperity. So what do we need to do to prepare for that. So it’s things like STEM education, federal funding of R and D, which in my mind produced a lot of the success we’re seeing in the economy today. It’s where Silicon Valley started was government investment during the space race. So we need to think about what do we need to do to prepare for that, to make sure that we’re making the investment, fundamentally in science and technology, supporting technology and innovation in the economy to make sure that we’re as prosperous and competitive and as possible, in a world where we won’t be the largest economy, according to most forecasters today.
All right, we’ll use some questions in a minute, but I wanna finish up something. I was at an event last night with David Sanger, from the New York Times, and they were talking about the concept of sovereign clouds that there might, that the internet, which is this open chaotic crazy zone, which has been great for everybody. Created all these billionaires, created all this wealth, innovation, everyone’s got a cell phone, everything else, you can do apps, whatever you wanna do, that may have to go back to that concept. I don’t know if the idea of sovereign clouds, I think Steve David was using the idea of a Berlin Wall now we to build. Or that we have two internet. One authoritarian internet, which is led by China which is spreading out all over the globe, and the Western internet, which has the one that’s been dominated. I’d love to get the thought, if that’s the idea. And not just sovereign internets for countries or areas, but even companies. There’s the Amazon sovereign cloud. There’s the Google sovereign cloud. Or the Oracle. How do you look at that?
Well I think, first of all, I mean there already is a sovereign cloud in China. It exists right? But I don’t think that what we should do in the West is say okay, there’s gonna be a West cloud, that we’re gonna hive ourselves off from these other parties like Russia and China, whatever, because we think there’s a security threat. Because it wouldn’t work, right? (multiple people speaking) It’s just like, okay, you can’t have billions of computers in the West connected to the internet, right, and somehow expect that you’re gonna be able to make sure that state actors outside the West can’t get in. Of course they would get in. They would be in from day one. It just doesn’t make any technical sense. I also don’t think it makes any economic sense. I mean 100% agree, economic growth is the key to security. So what is the biggest engine of economic growth in the West? It’s definitely the internet.
[Kara] Technology.
And so trying to say, okay what we’re gonna do is we’re gonna shackle the internet so that we’re gonna make it more secure. We could actually just turn it off. It would be 100% secure if we just turned it off.
You know what, that would be great for a day.
It’s just a bad idea. I think what we really need to do is invest in technologies that let an open internet be secure.
Yeah and be able to shut Twitter. But go ahead, go ahead, sorry.
I just wanna add how much I agree with what Edward said. It’s one thing for China to have walled themself off with a great wall. Great, we need to make sure we collaborate even more closely with the rest of the world to be our allies, to make sure that we’re all collaborating with open intellectual property backed by law, talent flow, capital flow. That’s the way we’re gonna be stronger and have an impact on China’s behavior. We put $80 trillion of GDP to work against the $12 million that they’ve walled off.
And then finally, before we get to questions, what’s the one thing you think needs to be done over the next five years that’s critical, in each of your areas, whatever the area. Why don’t we start with you Tucker and then…
Yeah, so my perspective is actually harnessing some of the technology that’s already out, be it robotic process automation, machine learning, AI. I think the DoD is making very good early strides there, but the concept that you can sprinkle AI on existing processes is really tough and it requires a lot of unsexy work like going through and thinking about the data rights in every contract that you write so you get the training data and that kinda stuff and then creating the infrastructure to where you can actually build those capabilities, put them into production in ways that actually scale and are sustainable.
Yeah, I mean would you agree, I think right now, I don’t know if people realize that technologies coming are so much bigger than everything else that’s come before.
That’s right and we’ve done research that suggests up to 40% of traditional vocations are gonna be fundamentally disrupted by this technology. Some will be replaced outright. Some you’re gonna have to come to a human, machine interface where the humans are doing the high cognitive function, the machines are doing the repetition, but it’s gonna require a massive re-skilling of talent. (Kara and Tucker speaking at the same time)
[Kara] I always say, everything that can be digitized will be digitized.
Absolutely.
[Kara] Everything, everything. But go ahead.
I think you know, I think it’s really for governments and commercial enterprises it’s execute the plan to move down this road of cloud computing efficiently and effectively. Because I think fundamentally that is, that’s how we get more secure. That’s how we flip the asymmetry that currently exists between attackers and defenders.
And for the Defense Innovation Unit, building on cloud, there’s many other commercial technology, so I’d like to see them in very widespread use within the military, rather than always relying on something that we designed ourselves. And then broader for the society, we’ve got to commit to a fundamental investment, a generational investment in science and technology for our own economic superiority and competitiveness for the future.
And where are we on that?
We’re declining.
Yeah. I wanted you to say that.
We basically have seen a decline in federal funding as a percentage of R and D. It was 2% of GDP in the 1960s and now it’s at 0.7 and declining. And I think as we said before, we’re still living off a lotta that prosperity: the internet, GPS, miniaturized electronics, on and one. We need to make that investment for the next 50 years. That’s what China’s doing today.
Yeah, and also, if people don’t realize it, not just in the government sector, but the private sector I think it’s the lowest start up rate in 35 years right now.
Is that right?
Yeah of small businesses. And at the same time, not just that, with these large companies, there’s not as much innovation of generalized start up. So the last time we had a search engine was never, since Google. And the last time we had a social network, for example, this is just commercial space, was 2011 which was Snapchat. And from what I can tell, they’re chief product officers of Facebook at this point. So it’s a really problematic situation to not keep innovation going. And the only way for innovation to keep going is through competition. And that’s how we do beat these authoritarian regimes by being competitive and having small start ups bubble up, upwards to create all kinds of cool things that are coming. I’m sorry, one more quick question. What would be the coolest thing that you think that they could technologically invent? We just showed a jet pack off at Code for example, which was really disturbing. But what would you, what do you think, the hovercraft that Larry Page is making or what?
I don’t know how cool those things are. (laughs) I certainly don’t want it flying over my house, that’s for sure. (audience laughs) I think there’s a lotta room to go in terms of applying machine learning to all kinds of interesting problems. There’s the kinds of problems we see in front of us everyday like image recognition, you know those kinda things, okay. But like what we’re doing at Oracle, is we apply machine learning to business problems. And I think using machine learning to make accurate data driven decisions, it’s kinda under the surface. I don’t think a lotta people think about that, but it has the potential to have a really fundamental impact.
Patterns and things like that? Act as skeletons.
You’d have to say in terms of broad applicability, military plus the commercial, AI, and the combination of 5G together.
No one, none of you mentioned Elon Musk’s neural net link that wanted to put in people’s head. I did an interview with him where he said that AI is not gonna kill us, but they’re gonna treat us like house cats and that we need to put a chip in our head, he said this several years, so that we can keep up, or it’s gonna just run us over, the way you would run over a group ants when you’re building a highway, which is such a nice view of the world. Anyway, questions from the audience. Let’s start right here. You sir, yes. Okay, waiting for the mic, sorry. Sounds like you have a deep voice though.
Thank you for that. Everyday we see, read about, and impacted by lack of better word, break-ins. They steal our social security number. Every credit card company has been challenged. You get all kinds of emails about how we’re gonna protect you for the next year because all our information went out. It’s really gettin’ old and I have a sense it’s not gonna get any better. But I’m hopeful that you guys can tell us we’re on the right trajectory and we’re gonna stop all this stuff so I don’t have to get IRS codes to put on my tax return and change all my credit cards three times a month. Where the hell are we going with this?
I’ll say, I’ll start, love to get others opinions. I think the good news is, that’s actually getting better for your own personal security and privacy. In some ways in it’s the new normal and it’s something that we’ve just adjusted to and are adjusting to. But also it’s about detection response. How can quickly can we detect that before they’ve actually kind of used your social or something like that. But the biggest change that I see coming that’s happening now is the move away from username and password, which is incredibly insecure. Right, it’s not that hard to get somebody’s password. But as you go to biometric identification, token based systems, it makes it that much harder for someone to get access to your information.
Yeah, that’s so comforting. They’re gonna have your eyeball in other words. (audience laughs) I say now, I think it’s gonna get worse. And by the way, it’s not necessarily hacking. One of the things that I always say to people, is what happened with Facebook, for example, which got a lot of media attention, stuff like that. The Russians were customers of Facebook, they didn’t hack it. They were customers.
I think the dichotomy is, it’s getting worse and better at the same time. So somethings are improving as Tucker just talked about, but then the degree to which technology is expanding, sensors, IG, the attack surface just got a lot bigger. So some things improved, but now there’s a whole…
Unplug the net.
Let me just give you some, so all those kind of attacks that you mentioned, all those kind of breaches, right, we study those, ’cause we wanna understand. Many of them are our customers. We wanna understand what happened. And most of the time, in most of those breaches, the fundamental problem was human error. It was people did not correctly the configure the systems to be secure. And most commonly, people did not apply patches to the software to actually make it secure. I mean software has bugs. Some of those bugs are security related. We, Oracle, and other vendors we produce patches. Our customers often don’t apply them. Sometimes, very often, all customers can’t find all the systems running all the software that needs to be patched. It’s the morass which has created so much consumer exposure to vulnerabilities. And that is why I actually I’m optimistic. Right, it is because we’re moving to a time when there’s much less infrastructure in the hands of these companies that are holding your data. They rely on a much smaller number of parties to deliver the infrastructure and do the patching. That’s just to give you example.
[Kara] I’m gonna have to get to another question, but go ahead.
Okay, just to give you an example here, so when we patch our infrastructure, we patched millions of servers in less than 24 hours. It’s completely automated. Our customers by the way don’t even know we patched, because we developed technology that allows to apply patches without taking the software down. So that why it’s getting better.
Basically we have to get rid of humans. Next, whoops, actually, let me get. Go ahead, right there, right here.
Thank you. I’m just wondering next year being an election year and a census year, how reliable do you think our voting machines are in terms of counting the votes?
That’s next. He’s gonna talk about that, Tom there.
Next, all right.
Yeah, yeah, not very. So just over all. It’s a disaster.
Hence my question, particularly vis-a-vis what the rest of the world does. I know it’s a state by state issue, but I’m curious to your views.
Yeah, your votes probably not counted. But go ahead. (audience laughs) Over here, over here. Over here and then…
You’re a real wet blanket.
I am, I’m sorry. That’s my famous role in Silicon Valley. It keeps them honest.
Yeah, I’m Guy Swan from the Association of the U.S. Army and member of the Homeland Security Experts Group. For, Mr. Brown, question for you. With so much outreach now from the Defense Department to industry, how do we deal with things like the recent Google employee backlash on some Defense Department programs? That’s my first question. Then slightly different, off the cyber just a bit, is is additive manufacturing and 3D printing the panacea we hope it’s gonna be?
3D printing, ha, ha. Go ahead.
So first on Google and Maven and Defense Innovation Unit was involved in helping the Defense Department put together vendors for Project Maven. The good news is, I think this was incredibly well covered by the media and is it would reflect broad views of Silicon Valley, overblown. So there’s different kinda vendors that we work with. Most of ’em are small companies. They’re delighted to have an opportunity to work with a customer as large as DoD. Today when we ask for help on a problem we’re working, we get 30, 40, 50 submissions for each problem. So plenty of help. It becomes more complex for these large multinationals, Google being one. I think they’ve learned, the wouldn’t in the future, wanna crowdsource their business strategy. And I was pleased to see some of the multinationals, Amazon, Microsoft—
Amazon loves doing it.
Yeah, I mean they’ve frankly come out and said, the place to exercise that is at the ballot box and we need to support the government. So that’s great to hear.
One of the problems with that is that the companies have let their employees talk for years now. Google had Memegen. They have these meetings where the employers get together and scream at the founders almost every week. No they do. It’s like, I don’t like the kombucha this week and they yell about it. So they created an employee base that feels that they’re part of the system and they are.
So the bottom line on with working with the Defense Department is we need just to be an easier customer for those companies and that’s about speed and getting some money to the right customers. Just quickly on additive manufacturing, I don’t think it’s a panacea, but incredible progress made with metals, with concrete. We’re now working on a project to allow forward bases for the Marines to be built with additive manufacturing on concrete. So imagine bridges and barracks being build with additive manufacturing using concrete.
There’s some cool commercial companies like Carbon and some others that are really cool in that area, if that is an area. Okay, last question right here, sorry. Sorry, but you can all grab these guys.
Sure thank you very much. My name’s Bishop Garrison. Just a quick question. We’ve talked about all these new evolving technologies when you talk about machine learning, AI, and you talk about the skill sets necessary to deal with it, particularly from the next generation. In your respective organizations, have you really begin looking at training in the ethics in the development of these technologies and their deployment?
Yeah that’s an interesting topic. Wet blanket here writes about that in the New York Times a lot. (panelists laugh) They also need to take humanities courses. Talk about that and then we’ll finish.
Yeah, so just I can tell you at Oracle, we have a large AI, machine learning research group, and we have machine learning, AI experts kind of spread throughout our engineering organization. And so bias and ethics is definitely something that we take into account, just as a matter of course. We’re very careful to try to make sure that we don’t wind up encoding human bias into the models. I mean if you think about, it’s not just the right thing to do, it’s also the most efficient thing to do.
Bad data—
Right, if we’re trying to find the best employee to do a job, if we encode human bias, that probably means we’re bypassing one of the better candidates, so we don’t wanna do that.
And any others on that?
The Defense Department, as we have to do with all technologies, is looking at what are the implications ethically. And the joint AI Center, recently set up at the Pentagon, is working on this very actively.
And that’s gonna be a big issue in facial recognition right now, obviously. The company that makes the cameras that are on police departments, doesn’t think facial recognition should be used yet, ’cause it’s so bad. I might point you to an interview I did with Andy Jassy whose head of AWS at Amazon, which a massive business there, around their recognition software, which has been controversial. But it’s an interesting debate on the issue. Anyway, this is great. Thank you so much. And I’m sure there’ll be tons more to talk about next year. Thank you.