How America Loses the Next War Part I of V
The Next War Won't be a Cyber War, it will be a DevOps War
A software developer with a government background check can be billed out by contracting companies at the rate of anywhere between $200 - $400 an hour - not that I ever saw that kind of money.
There’s a term in the government contracting industry called “butts in seats” - get the contract, stuff it with as many cleared developers as possible and make money. At the end of the day the government gets software that usually works.
My program wrote the C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance) for terrestrial-based tethered aerostats. These balloons floated above the battlefield stuffed full of optical, IR, Radar and acoustic sensors. It was a major force multiplier for coalition forces in Iraq, Afghanistan and the Horn of Africa.
I was the program software architect. Traditionally, a software architect communicates with businesses and clients to design and execute solutions with a team of software engineers. They work as an expert-level developer to make executive software design decisions.
In reality, I was a one-man band.
I would code, act as an engineering manager, do cybersecurity, networking, backlog grooming, tech support and talk the customer down from the ledge when they wanted to jump.
I also did DevOps.
DevOps is a portmanteau of DEVelopment and OPerationS - it’s basically how you deploy software to the customer.
In the case of this Aerostat program, here is how we would do that:
I would receive the software updates from a development team in Massachusetts.
I would go to a secure computer in our SIL (Software Integration Lab) in Maryland.
I would download the drop (usually 22GB) from an Amazon S3 bucket.
I would split the drop into 5 parts using 7Zip.
I would burn the drop onto multiple DVDs.
I would bring the drop to the test computer.
I would move each DVD over and reassemble with 7Zip.
I would install the software.
The testers would test.
If there were no problems, I would burn a second set of DVDs and mail them out to a site in Arizona where we did field testing.
Sometimes I would have to hand carry the DVD disks there myself and perform the install manually.
If the field tests were successful, I would burn more disks and send them out to sites.
Deployment would take about 10 days. It would take weeks to get to each site.
If this sounds incredibly inefficient, it was! This entire deployment pipeline could have been fixed with a few Python scripts and a cross domain solution.
But this wasn’t about efficiency. If you make something more efficient, you lose all of the billable hours that you made by being inefficient.
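A sketch of the split, carry and reassemble steps above as a script, added here as an illustration and not code from the program described: each disc's part is hashed into a manifest, the manifest is authenticated, and the receiving side refuses to proceed unless every part and the whole drop verify. The function names, the pre-shared HMAC key and the small in-memory sample drop are assumptions; a real 22GB drop would be streamed from disk, and the manifest would more likely carry a digital signature than an HMAC.

```python
import hashlib
import hmac
import json

def manifest_tag(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical manifest, so it cannot be swapped in transit."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def split_drop(data: bytes, key: bytes, parts: int = 5):
    """Split a drop into `parts` chunks (one per disc) and describe them in a manifest."""
    size = max(1, -(-len(data) // parts))  # ceiling division
    chunks = [data[i * size:(i + 1) * size] for i in range(parts)]
    manifest = {
        "length": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "parts": [hashlib.sha256(c).hexdigest() for c in chunks],
    }
    return chunks, manifest, manifest_tag(manifest, key)

def reassemble_drop(discs: dict, manifest: dict, tag: str, key: bytes) -> bytes:
    """Rebuild the drop from {index: bytes}; raise ValueError naming any bad disc."""
    if not hmac.compare_digest(manifest_tag(manifest, key), tag):
        raise ValueError("manifest authentication failed")
    problems = []
    for i, expected in enumerate(manifest["parts"]):
        if i not in discs:
            problems.append(f"part {i + 1}: missing")
        elif hashlib.sha256(discs[i]).hexdigest() != expected:
            problems.append(f"part {i + 1}: digest mismatch")
    if problems:
        raise ValueError("; ".join(problems))
    data = b"".join(discs[i] for i in range(len(manifest["parts"])))
    if len(data) != manifest["length"] or hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        raise ValueError("reassembled drop does not match manifest")
    return data

if __name__ == "__main__":
    key = b"constructed-demo-key"           # assumption: pre-shared, never on the discs
    drop = bytes(range(256)) * 41 + b"x"    # constructed stand-in for a 22GB drop
    chunks, manifest, tag = split_drop(drop, key)
    discs = dict(enumerate(chunks))
    assert reassemble_drop(discs, manifest, tag, key) == drop
    discs[2] = bytes([discs[2][0] ^ 0xFF]) + discs[2][1:]  # simulate a bad burn
    try:
        reassemble_drop(discs, manifest, tag, key)
    except ValueError as err:
        print("rejected:", err)
```

Because the error names the failing part, only that disc needs to be re-burned rather than the whole set.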
The Center for Strategic and International Studies wrote a paper on how a war with China would go. America might lose up to 4 aircraft carriers in this fight.
Ask yourself how you are going to get a software update out to an Aircraft Carrier in the middle of the ocean via DVD. Could this update increase the lethality or defensive capability of the ship? Could your software save lives?
Ukraine began to receive HIMARS GPS guided rockets in the Summer of 2022.
And Russia just could not shoot any of these M31 missiles down.
The S-300 36D6 Tin Shield radar and associated software had no idea what it was looking at.
The target wasn’t a Theater Ballistic Missile - wrong speed and trajectory
The target wasn’t an aircraft - too fast
The target wasn’t a helicopter - too high and too fast
The target wasn’t a cruise missile - too fast
The target wasn’t a drone - too high and too fast.
So the software passed the targets over to the system operator and said:
I have no idea what I’m looking at. You make the call on shooting this thing down.
Would you want to be that operator? Do you want to be responsible for shooting down a track that isn’t in the database and may or may not be friendly?
So the Russian operators did nothing - which was the safest course of action, unless you were the intended target. Then it was very unsafe indeed.
I predicted that it would take Russia 6 months to fix their software. This was about right.
Back in December of 2004, Secretary of Defense Donald Rumsfeld said:
As you know, you go to war with the Army you have. They're not the Army you might want or wish to have at a later time.
While he could have been more tactful, since he was speaking to soldiers who were operating unarmored vehicles in Iraq… he wasn’t wrong.
And today it’s truer than ever.
It takes about 43,000 hours to manufacture a single F-35 jet.
Compare that to aircraft from World War II where a new B-17 could be pumped out every 4 days.
If America gets into a fight, we are going to war with the military we have. And additional capabilities and counters to our adversaries will be delivered via software.
It is critical to develop an efficient, combat-robust path to deliver software, or America will be placed at a disadvantage during the next war and quite possibly lose.
If you want to hear me speak about this subject, as well as 4 other factors that will cause America to lose the next war, I will speak on this topic in Austin, Texas at the Texas Cyber Summit September 28th-30.
So, back in the early 90’s, I built a remote software update process for a system deployed on oil tankers. It worked over modems connected via a satellite telephone link. NASA does similar stuff with their interplanetary probes. These things can be done!
Reminds me of reasons behind the Navy's C2C24 effort https://www.doncio.navy.mil/chips/ArticleDetails.aspx?ID=10501