On Point: Q&A with Bob Gourley
Bob Gourley, chief technology officer and co-founder of OODA LLC, is a due diligence and cybersecurity consultant who also publishes OODAloop.com and CTOvision.com.
How can Defense Department decision-makers take better advantage of the innovations being produced by U.S. technology firms?
There is a famous William Gibson quote I’m fond of: “The future is already here—it’s just not evenly distributed.” Every day that quote becomes more relevant. Defense Department decision-makers who are seeking combat advantage can tap into the future by understanding that industry innovation is occurring at a rapid pace, and solutions to challenges in the Defense Department may have already been designed and built by industry. This is especially true in information technology. Too frequently, decision-makers in the department mistakenly think their mission would be best served by having their own developers, or the developers of an integrator on contract, write software. That is usually the worst possible approach and should be the last option selected.
What should technology firms do to improve their ability to support national security missions?
I always recommend technology leaders go the extra mile in seeking to understand the mission demands of the enterprises they seek to serve. There are many ways to do that, including listening to what Defense Department leaders say they need, networking with other peers that serve the national security community, and of course, engaging with organizations like AFCEA that help both government and industry better understand each other. Tech firm leaders can also improve their ability to support national security missions by ensuring their solutions leverage best practices in security and identity management. Solutions should also be built to be interoperable, since almost all national security solutions need to import and export data to other systems.
What must be done, especially by technology firms, to reduce the cybersecurity threat?
I’ve studied this question hard for decades, and finally I have a succinct answer to that question. At a high level, technology firms need to have CEOs that truly care about mitigating the cybersecurity threat. If the CEO does not really care, the company might be compliant with security guidance, but the lack of care and attention will translate to serious security gaps that could be the weak link in our national security. If the CEO does care, there will still be hard work ahead, but there is hope for agile, cost-effective cybersecurity that leverages best practices and really helps mitigate the threat. The CEO that cares about cybersecurity will continuously engage with the company’s leadership team, not just the developers in the firm, to discuss cyber risks and potential avenues of attack and mitigation strategies. Having a CEO that really cares is the magic ingredient.
What do you think is the next great information technology trend?
Convergence. In a defense construct, I would call that convergence on mission. But convergence is a broad trend that is going to impact every element of society. Convergence is the synergistic impact of new capabilities feeding off of each other. Think of the mission impact of all these topics converged: cloud computing, artificial intelligence, mobility, big data analytics, robotics, IoT, cybersecurity, quantum computing, virtual reality, augmented reality, additive manufacturing, space sensing, advanced communications (especially 5G, WiFi6). Any one of those trends could dramatically change how the Defense Department executes missions. So, imagine the power of transformation by considering them all at once! My recommendation: study these many trends, but always focus on how they relate to each other and how their convergence will improve national security missions.