In 2006, Raj Shah was an F16 pilot in the U.S. Air Force, flying combat missions in Operation Iraqi Freedom. It was the war’s worst year, and Shah had a problem. The display screen in his cockpit had no moving map. The GPS showed him ground coördinates, but there was no overlaid image—no moving dot or icon—that showed where he was in relation to those coördinates. “There were times,” he recalls, “when I didn’t know whether I was over Iraq or Iran.” During home leave, he bought an iPAQ, one of the early pocket PCs, and loaded it with a standard, cheap aviation-map program. Back in his F16, he strapped the pad to his lap and relied on it—not the plane’s multimillion-dollar mil-spec software—for navigation.
Shah realized that commercial technology was racing ahead of the U.S. military’s own, and that this was a dangerous trend for America’s security, given the nation’s reliance on its technical edge to win wars.
Today Shah is managing partner of DIUx, the Defense Innovation Unit Experimental, which was created less than two years ago to address this problem. The program’s budget is only $30 million, barely the size of a counting error in the Pentagon’s ledgers. Yet it’s already having an impact, mending the tattered ties between the military and Silicon Valley—and it might revolutionize the way defense contracts are awarded, making U.S. military missions far more likely to take advantage of high-tech inventions.
For the same reason, it’s also in the crosshairs of various factions within the Department of Defense bureaucracy and the corporations that supply the military. They have developed elaborate ways of doing business with each other and regard anything deemed “innovative” or “experimental” with suspicion. Yet Shah is convinced that if something like DIUx had started up a few decades ago, his F16 would have had Google Maps built into its display screen.
From the top
DIUx is the brainchild of Secretary of Defense Ash Carter, a theoretical physicist who has taught and done research at Harvard and MIT and previously served in senior posts in the Pentagon. “The concept of a DoD outpost in Silicon Valley, and in other technology centers around the country, was in my mind when I entered office,” Carter says. In 2000, he wrote a paper called “Keeping the Technological Edge,” foreseeing that commercial industries would soon overtake defense labs at innovation and that, to protect U.S. global interests, the Defense Department would need to form new relationships with the private sector. When Carter took over the Pentagon in February 2015, he was smacked by international crises, but he declared that defending America’s strategic dominance in technology was a top priority. Two months into his tenure, he announced the formation of DIUx in a speech at Stanford: the first time a defense secretary had come to Silicon Valley in 20 years. The program was launched in August of that year.
The program’s headquarters is located in Mountain View, California, on the grounds of a sprawling Air Force and NASA research base, much of it now occupied by Google. The DIUx staff of around 40 people—a mix of civilians, military, and contractors—work on the second floor of a squat brick office building once used by the Air National Guard, until the area’s housing became too expensive for Guard personnel. The corridors are old-school drab, the doors secured with combination locks. But inside, the newcomers have revamped the spaces with blackboards, whiteboards, and desks arrayed in random diagonals, to match the nonhierarchical vibe of a Valley startup.
It was vital, in Carter’s mind, to place the office in the heart of Silicon Valley. He wanted to tap into projects that were already in the works—at startups and companies that didn’t do business with the government—and adapt them to national-security missions. The budgetary advantages were straightforward: the Defense Department wouldn’t have to pay for R&D, because the companies would already have incurred the costs. And DIUx wouldn’t pay procurement costs: those would be paid by the military service that agreed to put the product in the field.
But in its first year, despite support from the top, the program seemed doomed. Carter didn’t fully appreciate that such an unconventional program had to be run in an unconventional way. He named as DIUx director George Duchak, who’d been a DARPA program manager, director of the Air Force Research Laboratory’s Information Directorate in Rome, New York, and a high-tech entrepreneur. But on the organizational chart, Duchak reported to the undersecretary of defense for acquisition, technology, and logistics. Carter had held that post before his ascension to secretary, but it was now occupied by Frank Kendall, an engineer who had worked for big defense contractors. Kendall didn’t share Carter’s enthusiasm for the whole idea of DIUx and shuffled its oversight to an acting assistant secretary of defense for research and engineering, who didn’t know what to do with it and wouldn’t have had the authority to do much if he did. Duchak was thus three layers away from Carter.
Isaac Taylor saw the ensuing train wreck up close. Taylor had spent the previous 13 years at Google, designing and building its first self-driving cars. From there, he rose to operations director of Google X, where he started a number of projects involving robotics and augmented reality. Still, he was looking for a change, keen to work on “meaty projects that matter to the nation.”
Taylor began pitching products from within Google. He soon realized the program couldn’t work—not as it was organized. From the sidelines, Taylor also witnessed how two of California’s most creative companies came afoul of DIUx’s processes. One, Shield AI in San Diego, had built a small, autonomous indoor drone, which the program thought might appeal to the Special Operations Command, whose soldiers might want to know who is lurking inside a building or a cave. The other, Bromium in Cupertino, had designed cybersecurity software that could isolate operating systems from untrusted users. Meetings were held; the interest was palpable. But nothing happened. In Silicon Valley’s culture, meetings end either with a decision on whether a deal is possible or, often, with the deal itself. In the Pentagon’s culture, meetings lead to more meetings, which might lead to an R&D contract in 18 months, followed by testing, approval, then a renewed competition for a contract to build a prototype in another couple of years, then an assessment, followed by several more stages. No one in the Valley could put up with such delay: among other things, the technology would have changed three times between the moments when the contract was signed and the hardware fielded.
One of Secretary Carter’s assistants called Taylor to ask what had gone wrong. Taylor replied that the people at DIUx were talented, but the process doomed the idea. “I told them the organization was failing slowly, and that in Silicon Valley, that’s the worst way to fail,” he recalls. “The longer a firm keeps failing, the less inclined that people in the Valley will be to give it the time of day.”
Carter recruited two White House aides—Todd Park, a Silicon Valley entrepreneur who’d rescued HealthCare.gov, and DJ Patil, another Valley insider who’d been persuaded by President Obama to bring big data into the executive branch—and asked them to fly to California, survey the situation at DIUx, and report back on how to fix it.
Park and Patil soon had answers. First, they reported, the office needed to be able to close a deal by the end of a meeting or no more than a few days later. Second, because no one person had all the skills necessary to run something as complex as DIUx, it should be run by a senior team of four or five people who together knew about management, venture capital, technology, and the internal workings of the Pentagon. Third, this team should have a direct line to Secretary Carter himself—in part to exude authority, and in part to get approval quickly.
Finally, Park and Patil assured Carter, failure was okay in the Valley. The important thing—it’s a local motto—was to “fail fast.” In other words, Carter needed to shut down DIUx and reboot with as much fanfare, and as clear a sign of commitment, as possible. If he proclaimed failure forthrightly, he’d even be respected; the executives who’d looked and turned away might give the program a second chance.
On May 11, 2016, Carter flew to Mountain View and announced the start of what he called “DIUx 2.0.” He also introduced the leadership team he and his staff had assembled just weeks before. They were Isaac Taylor, who had decided to give DIUx another chance after hearing assurances that his criticisms had been addressed; Chris Kirchhoff, who’d worked as a long-term strategist in Obama’s National Security Council and as the civilian assistant to General Martin Dempsey, chairman of the Joint Chiefs of Staff; Vishaal Hariprasad, a highly decorated Air Force cyberwarfare officer, who later cofounded a Silicon Valley firm called Morta Security and sold it to Palo Alto Networks; and Raj Shah, who after flying F16s in Iraq had earned an MBA at the Wharton School of Business and emerged as a Valley entrepreneur, partnering with Hariprasad to start and sell Morta.
Shortly before Carter’s announcement, the four met at a long dinner to discuss the terms of this new enterprise. They agreed they would take the offer under crucial conditions: they’d need hiring and firing power, authority to manage their budget, and permission to take risks and fail. (In the traditional culture of the Pentagon, managers tend to double down rather than cut their losses, accreting bloat along the way.) Carter signed off on those terms without hesitation.
There remained the main challenge: how to cut through the Pentagon’s byzantine procurement process. All four of DIUx’s leaders, as well as Carter, were inspired by the example of the Defense Advanced Research Projects Agency, which had spurred defense innovations such as the Internet itself. Particularly intriguing to them was a DARPA project called Cyber Fast Track, run by a white-hat hacker named Peiter “Mudge” Zatko. His idea was to open up R&D competitions to startups and even individuals that seldom or never worked with the Department of Defense. The result was surprising: 130 contracts awarded, between two and 16 days after first proposal, at an average cost just shy of $150,000. Some led to research breakthroughs—most notably an experiment demonstrating that Jeep Cherokees (and, by inference, all computerized cars) were vulnerable to hacking. (The cost of that contract was the retail price tag of two Jeep Cherokees and a modest fee for the two people, one of them a former NSA hacker, running the experiment.) “Mudge’s Cyber Fast Track was our inspiration,” Chris Kirchhoff recalls. “He showed it was possible to take an idea and award it a contract in a few days.”
But DARPA is strictly an R&D cauldron. For a development project to pass into production, it generally has to be turned over to the Pentagon procurement bureaus, which, as a first step, post a wide-open competition to build a prototype. Even large, traditional defense companies refer to this gap between R&D and actual production as “the valley of death.” For Silicon Valley firms, the notion was anathema: they weren’t going to spend time and money developing a new technology only to lose the bid.
When DIUx 2.0 got under way, Raj Shah and his team talked to Lauren Schmidt, the program’s “pathways director” responsible for contracts, who told them of a discovery she had made of enormous consequence. Previously, Schmidt had worked in the Army’s acquisitions branch, where she had learned of a type of contracting blandly named “other transaction authority.” In an OTA contract, the government and commercial companies can design prototype projects without the onerous rules and regulations of the traditional defense acquisition process. Congress had created this authority in the 1950s to allow the space program to “enter into and perform such contracts … as may be necessary in the conduct of NASA’s mission.” But other than its use by NASA, the law had mostly languished, invoked only by DARPA (this was how Zatko rammed through Cyber Fast Track) and an Army arsenal in Picatinny, New Jersey, that manufactures guns, bullets, and precision guided missiles.
Schmidt’s discovery was Section 815 of the newly passed defense authorization act, which allowed the use of OTA contracts for a wider range of projects, so long as a senior official affirmed that they enhanced the “mission effectiveness” of military personnel or their weapons systems. This changed everything. Section 815 meant that the company developing a project could take it into the prototype phase without having to endure another layer of Pentagon bureaucracy. True, the obscure article limited this expansion to contracts valued at no more than $250 million, but few of the projects that DIUx had in mind would cost that, and if they did, the new language allowed OTA contracting for those programs, too, if the undersecretary of defense for acquisition assured Congress in writing that they were “essential to meet critical national security objectives.”
For the DIUx team, Chris Kirchhoff said, Section 815 “was like Thomas Jefferson taking out his pen and writing the Declaration of Independence.” The pen, in this case, had belonged to a senior staffer on the Senate Armed Services Committee named Bill Greenwalt, a former Pentagon official who had written a paper likening the Defense Department’s acquisition system to “an 18th-century wooden warship that has been out to sea for too long, accumulating such a surfeit of barnacles that it can barely float, let alone operate under full speed.” He didn’t know about DIUx when he wrote what would become Section 815, and the DIUx people didn’t know about him, but their aims were the same and their purposes converged.
The partners contacted executives who’d pitched the aborted projects during DIUx 1.0—the autonomous indoor drone and the cybersecurity software—and urged them to pitch again. This time, they were approved. The drone is now being field-tested for a Special Forces unit deployed overseas.
On October 13, 2016, the new team released its first quarterly report. It listed 12 signed contracts, totaling $36.3 million, with another $100 million coming from the military services that had agreed to buy or test the products. (So far, for every dollar DIUx spent, the buyer—whatever military branch will use the device—has spent three dollars.)
One of the items, made by a San Mateo company called Sonitus, is a small plastic two-way microphone and listening device that fits over a soldier’s teeth like a mouth guard and conducts signals through the bone. No earbuds are required, so soldiers dropped into a combat zone can communicate with one another while still hearing what’s going on all around them and retaining “situational awareness.” The contract for the device was signed at the end of the summer; by October, the Air National Guard was using it in Afghanistan.
For the 12 projects, the average time between the initial proposal and the signed contract was 59 days. All the products were designed for commercial markets—the companies involved hadn’t even thought about possible military applications—and no one in the military had been aware that the products or the companies existed. It was DIUx that put the two together. All this was a radical departure from standard practice. Under typical Pentagon contracting procedures, the military services write a “requirement,” which bureaucrats translate into a “request for proposal,” to which corporations respond with product designs, which another layer of bureaucrats evaluate, and on it goes until competing prototypes are introduced. The officers who write the original requirements never speak to the corporate managers who manufacture the resulting hardware or software.
Isaac Taylor says, “I spend lots of time traveling to military groups. I ask, ‘How can I help? Where is the technology acquisition system not meeting your needs?’ No one has said, ‘No, thanks, I’m doing fine.’ They all say, including the most senior officers, ‘We’ll take all the help we can get.’”
These are precisely the sorts of conversations Ash Carter hoped the project would provoke. “My intent with DIUx,” he says, “is to ensure there are more people who are able to understand both universes and to bridge them: those who come from the tech community and contribute to our vitally important mission and those already part of the Defense Department who get to know the technology world better.”
One pleasant surprise has been the large number of firms that have expressed interest in the program. Silicon Valley is often painted as a landscape populated by cyber-libertarians, hostile to the national-security state, but Raj Shah insists the stereotype is overstated. “Silicon Valley was built on a private-public partnership in national security, and I’d love to rebuild that,” he says. “There’s certainly skepticism about whether it will work; but there’s not as much skepticism as people think about the broad value of the military.”
Since the summer reboot, DIUx branches have opened in Austin and Boston. An office in Kendall Square in Cambridge, Massachusetts, is now headed by Bernadette Johnson, who took a leave of absence from her job as chief technical officer at MIT’s Lincoln Lab to become chief science officer of the program. While the headquarters has devoted most of its efforts to robotics and drones, the focus in Boston is on biotech and biomedicine. “It turns out there are lots of reservists at Harvard labs and Boston hospitals,” Johnson says. “I’m optimistic about our growth.”
The presidency of Donald Trump throws these prospects—perhaps the very existence of DIUx—into doubt.
New administrations often scrap the programs of their predecessor, especially if headed by the opposing party. During the campaign, DIUx managers reached out to both candidates’ staffs: they briefed some of Hillary Clinton’s defense advisors, who seemed happy with the program, but they weren’t able to sit down with anyone on Trump’s team, because there were no defense advisors to brief. Trump’s pick for secretary of defense, retired Marine general James Mattis, has a strategic mind and a penchant for innovation, and he really cares about the needs of those in the field. He might embrace DIUx.
Even before the election, there was nail-biting in Mountain View. In 2016, the House Armed Services and Appropriations Committees eliminated the program’s budget for the next fiscal year. Secretary Carter urged them to restore funding. The Senate committees have approved full funding, but the House-Senate conference committees will make the final decision. Some observers are optimistic. The House panels made their cuts after learning of the unit’s initial failures, and justifying its existence was why DIUx rushed out its report on the 12 contracts in October: it wanted to show Congress that the program was succeeding.
But some members of the committees, especially those from the House, prefer the old way of doing things. So do the big defense corporations that molded their structures and procedures to fit the regulations of the Pentagon’s procurement bureaucracy.
The perception that DIUx might disrupt the Department of Defense’s settled ways is not entirely unreasonable. Frank Kendall, the undersecretary of defense for acquisition, who once was unimpressed with the outfit in the Valley, now touts its strengths. On November 21, he sent an “all-hands” e-mail headed “New Rapid Contracting Tool.” The message encouraged “all acquisition professionals to familiarize themselves” with the OTA contracting approach, praised DIUx for using the method “to rapidly meet warfighter requirements,” and announced that the Department of Defense had asked Congress to approve “an expansion of this authority” to cover emerging “state-of-the-art” technologies, not just those stemming from commercial projects.
The communiqué was not a memo or a directive. The sort of contracting it champions does have its limits. Ash Carter emphasizes that OTA isn’t suitable for every weapons program. “We’re not going to use DIUx to procure aircraft carriers or the F-35,” he says. But he adds that he does hope DIUx has “a transformative impact” on the Pentagon’s procurement practices broadly, encouraging its bureaucrats “to embrace a culture of innovation.” To some people, that’s not a hope but a threat.
Small, still-nascent programs that haven’t built up sizable constituencies often need support at the top to survive. DIUx has been Ash Carter’s pet. It’s hard to say whether the next secretary of defense will give it the same attention. But the inadequacy of the present system is clear. Raj Shah recently traveled to the Middle East to talk with U.S. commanders about DIUx projects. He made a point of talking with some F16 pilots who are flying combat missions over Iraq, just as he did 10 years ago. Their jets had been upgraded with moving maps. But not long before, they had still been strapping iPads to their laps, after loading them with commercial aviation map apps, so that they knew exactly where they were flying.
Fred Kaplan is the “War Stories” columnist for Slate and the author of Dark Territory: The Secret History of Cyber War.
Keep up with the latest in Silicon Valley at EmTech Digital.
The Countdown has begun.
March 25-26, 2019
San Francisco, CA
DIUx is the brainchild of the secretary of defense. He thought it vital to place DIUx in the heart of Silicon Valley: he wanted to tap into projects at startups.
The white-hat hacker was responsible for Cyber Fast Track at DARPA.
DIUx is based on the grounds of a California Air Force base that features one of the world’s largest structures, built to house airships.
No one knows whether the new Congress will continue to fund DIUx.