Security, Resilience, and the Future of Mobile Infrastructure

I was at Davos last year in a cyber forum and one of the speakers was talking about Salt Typhoon. It was closed door, room of 60 cyber folks. And she said, wait, how many people know about this? It was 5 out of 60.

0:00

What we learned was that China has infiltrated major telecommunications carriers in the US for all intents and purposes, fully. They can listen to the phone calls, the lawful intercept plugin points, they have control of those, and they can just turn along at any time and listen. I mean, what do you do on your phone? You know, how much of your life runs on your phone? Basically all of it. And what we continue to learn is that that's true for everybod, everybody in the United States. Rather than trying to ferret through the existing carriers on Guam and find all the China and try to get rid of it, let's just do a clean install of a telco on top of the existing physical infrastructure.

0:12

Just assume it's hostile.

0:44

This was literally three months before the Salt Typhoon news broke and we learned that China had compromised the X1 interface of all these major telcos.

0:45

The more folks who are kind of bringing connecting the dots, speaking the same language, I think the better off we all are from a national security and economic prosperity perspective.

0:53

In late 2024, the United States confirmed that Chinese hackers had infiltrated every major American cellular carrier. The operation Salt Typhoon gave China access to lawful intercept systems, live phone calls and the communications of senior government officials. It was not a one time breach. It was the product of an industry wide failure in cybersecurity. Years before the story broke, a former Green Beret and Palantir executive had started building a new kind of cell network. One designed to operate securely on top of compromised physical infrastructure. The Navy was an early partner testing the technology on Guam before anyone outside the intelligence community fully grasped the scale of the threat. David Ulovich speaks with Justin Finelli, CTO of the Navy and John Doyle, Founder and CEO at cape.

1:03

Thank you guys for being here. We are very lucky to have Justin Pinelli, the CTO of the Navy, on his Tekken tour back with the Navy and in this role. And we have John Doyle, the founder and CEO of Cape, with us and we're going to have a terrific discussion about building for the country, building for the Navy, partnering with the Navy and all the technology transformation work that is going on at the Navy. So thanks guys for being with us today.

1:57

Thanks for having me.

2:22

Justin, just give us a quick background who you are, what's your job today, how long you've worked in this space.

2:23

Thanks for having me. Awesome to be with winners. That's actually a big part of my job is, hey, let's figure out where needs are, where gaps are. Listen to our sailors and Marines, spend time with them and then connect dots for people who are bringing either improvements or breakthroughs. The name of the game is how do we lessen pain and increase gain. And so across the board, it's a little bit of signal to noise detection. The good news is we have a really healthy and thriving and growing ecosystem. And so this is not a me thing. This is, hey, how do we make sure that folks who are super innovative are able to get in? How do we catalyze? And so my backstory is I'm an engineer. Air Force picked electrical engineering. It was a pretty good time for that. This is just before the world starts getting eaten by software.

2:29

When was this?

3:22

Were you going to date me? This is early 2000s. Okay. This is right after 9 11. But the hardware revolution and the Internet starting. I think that quote from Mark Andreessen happens late August, early 2000s.

3:23

Yeah.

3:36

And then we start to like kind of my office within the Navy at that point starts to ride the wave towards software. So really early glistenings on software defined warfare. No one called it that at that point. I think the earliest name was network centric effects.

3:37

Right. That sounds like a Cisco term where I used to work convergence.

3:54

Very strong early BD efforts by Cisco.

3:59

Overnight success, a decade in the making.

4:03

Right.

4:05

And so like they end up adding up. And so kind of an engineer waypointing through. So worked in the intelligence community, in the actual manpower and business systems operational systems within Department of War and Department of Navy. Went to darpa, helped stand up two new agencies from scratch. So Space Development Agency and darpa. H. So DARPA for healthcare.

4:05

Oh, cool.

4:27

And then is that something that works

4:28

with like the VA and things like that?

4:30

Yeah, yeah, yeah. And so when I was at Defense Health, we were working with VA to try and connect the dots. This is during Trump 1. Let's make sure that we are flattening the government, connecting where we can be connected. Right. Have synergies. At one point there, the health records for the veterans were on a different backbone than the health records for active duty. It didn't make sense. So kind of trying to be again around people who want to make things happen, scouting for new capabilities, new technologies and then pulling those through. And I think right now we have the most encouraging, best set of pullers I've ever seen. So it's a great Time to be in the moment and in the ecosystem.

4:31

Awesome. John Doyle, who I've known for a long time, you. We're excited to be investors in cape. We've been investors, I think from the very beginning.

5:09

The very beginning, yeah. Just almost exactly four years ago is February 28th.

5:16

Amazing.

5:21

Okay.

5:22

A lot is anniversary.

5:22

This is the relationship anniversary.

5:23

A lot, a lot is. Yeah, a lot, a lot has happened in, in that time. Tell us before we tell, I want you to tell us what CAPE is, but before that, you've had an amazing career to the extent that you are able and willing to tell us about your career, Tell us what you've done before starting cape.

5:25

Sure. Cool to be here. Thanks. My background, I was a computer science major. But then as soon as I graduated, I went in the army. We had just invaded Iraq. I joined up, became a Green Beret. I was Army Special Forces from 2003 until I left in 2008. Brief detour to law school. I'm a law school graduate, Harvard Law School. Wow. Passed the bar. I figured out early I never wanted to be a lawyer and instead I went to palantir. This was 2012 or 2013 in the way that people found their way to Palantir in those years. I did. I had an amazing run there. Nine years at Palantir. Started as a forward deployed engineer doing technical work, wrote code. But my signature contribution to the company was running the national security business from 2017 until I left in 2022. Amazing. Super mission focused, kind of wild. Five years we went public in the middle of all that. But it's also where I had the opportunity to learn about a whole host of vulnerabilities that exist in the commercial cellular network. And that was interesting to me. And then I was obsessed about it, and then I had ideas on how to fix it. And so in 2022, with the help of the American Dynamism team, who was really in the early days at that point, I left Palantir to start cape. Awesome.

5:40

All right. What is cape?

6:50

CAPE is a global cellular network, commercial cell network. So your phone, hopefully yours, says Cape. Here's my save. Verizon in the upper left hand corner. Mine says Cape because I'm on network, is live in 190 countries. We're more private, more secure and more resilient than any other commercial carrier on Earth.

6:51

We're going to dig into this a little bit, but just briefly, what does more private, more secure, more resilient mean?

7:08

Right? It's a good question. Those all mean different things. When we talk about privacy. We are highly differentiated in the way we manage our customer data, the way that we assign identifiers to their phones. You need a bunch of identifiers on your phone for it to work. We rotate ours kind of like Apple rotates Mac addresses on the iPhone. We do that for a bunch of other ones. More secure means. It means a lot of things. As we've four years now into starting and running a telco when an entire team with almost no telecom experience. When we started a bunch of defense tech folks started at telecom, what we learned was that the status quo in the telecom industry was really, really poor when it comes to cybersecurity. And then I'm sure we'll talk about salt typhoon at some point. A few years in this became not just a suspicion, but a reported story. And so for us, that just means deploying commercial cloud employ industry best practices when it comes to cybersecurity. When we find off the shelf components that are lacking from a security perspective, we just build our own and we in house it. And so over four years now, we've been able to make real strides. And we are, I'm confident in saying, meaningfully better than any other carrier from a cybersecurity perspective. And then resilience for us means we are what's known as a mobile virtual network operator in the V, the virtual means we don't own any towers. We rent capacity on towers from major carriers wherever we are in the world. In the US the list of companies that that includes overseas, we just announced last week a partnership with Rakuten in Japan. We did a joint US and Japanese Self Defense Force military exercise on Rakuten's physical infrastructure with Kapes software in Japan that was really successful. So what that means is we become and what we've built is a network of networks. So we stitch together physical infrastructure wherever we find it. And the result is that you're not reliant on any one physical infrastructure provider. I won't name any names, but in the last six months, two of the three major US telcos have had significant outages. Those aren't as scary for a Kape subscriber as they are for someone else, because there's another network you can fail over.

7:13

I see. Awesome. Well, I'm going to get to how you two met in a moment, but Justin, you are CTO of the Navy. That is a very, very big title. And with it must come a significant amount of responsibility, opportunity and impact. You know, when you stepped into that role as CTO of the Navy. How did you decide how to figure out your priorities? How did you identify opportunities? What are those opportunities? What are the priorities, and what are some of the things that you have focused your efforts and time on in the role?

9:03

I left and came back. And so I'll tell you a quick story about coming back. I was doing healthcare, I was loving it. We were getting after it, making huge strides. And so you always know where your cowboys are in the organization. And so someone who I worked with a little bit, but not a lot said, hey, heard you're coming back to work with us. And I said, oh, I hadn't heard that. And he said, yeah, the Navy is pulling you back in. And I said, I really like what I'm doing. And he goes, it's different from when you left. We've slowed down. I said, oh. And he goes, and we know how to fix it, but we need you. And I did not want to go. And. And so we had just kind of this group of unleashed folks, and they knew where others were, and so they kind of handed me, hey, here's a pipeline of wins that we'd like to get through. And so what that ended up looking like was it for us, kind of formed part of the barbell strategy. And so, like, from a finance perspective, we're excellent at the high end, but on the lower tradable commercial, there hadn't been a lot of really strong experience of moving that through quickly. And I think I probably had the best team anywhere. And I had some experience doing.

9:36

It's not a sourcing issue or procurement issue or contracting issue of identifying the technology priorities. What makes the low end of the barbell, why hadn't that been moving or what needed to change?

10:43

I think reps. And so if everyone was previously trained on here's how you buy a plane, here's how you buy a ship, then everything looks like that. And so we started with, what are the differences if you're doing software? And so we found the folks who are saying, hey, I think we can accelerate software acquisition. I think we can spot talent. I had done a little bit of VC work at that time. There were four VCs making investments in the space. There's 168 now, by my last count, 42x in seven years means that we have private sector that's ready to go knocking on the door. We have some folks in senior leadership positions now who are saying, hey, come in. And so that was a shift for us from make everything yourself innovate to let's be adopters. Of innovation. And so that just between practice and kind of a different way of measuring yourself, that was a huge shift for us. Now the good news is there's so much for support for this right now that even if people haven't had experience just what, three months ago now, vice admiral, total champion of these type of efforts, initiator, succeeder at many levels, said, hey, let's do a bootcamp together. And so we took all the program managers and contracting officers, most of them who had never worked with commercial or very little, and said, here's how you do this differently. Here's how you can do something in three months. That used to take 18 months. And so we had the folks who were doing that well and pulling things through and then we had folks who had questions. We kind of workshopped that out. It's a tale of two cities now. It's really exciting.

10:54

See that answers excellent because when I asked the question, I was just thinking about all the things that startups were doing wrong that they didn't know or the private sector wasn't partnering with the Navy. But what you just spoke about was really about internal education, internal training, rethinking about how they work with the private sector and maybe really, really takes, really takes both halves. You got, you need the startups and the companies to figure out how to work with the government, but the government has to figure out how to work with the companies.

12:23

I think we weren't listening enough before and it's definitely like a collective action thing. We can talk about the outside in, but the inside out was the bottleneck. And so we've taken huge.

12:48

Yeah, like the primes have had 70 years to refine the go to market motion of how to sell to the government. They already know how to do it and it's a new muscle for startups to build. Maybe this is a good segue, John, to you. Like how did you meet Justin, how did you get to meet the Navy and how do you sell to the government? Maybe we'll get to that last part later.

12:59

Sell to the government? Yeah, it's a great question and maybe I'll as a bit of framing. When I started Cape four years ago and I didn't make this up, the conventional wisdom was if you're going to do a defense tech startup or dual use startup and sell to the government, go to the Navy last because they were the hardest to do business with, the Air Force was fastest. The Marines are also fast but don't have very much money. The army is somewhere in the middle there and Then go to the Navy last because they're the slowest to adopt. And that was just conventional wisdom that got repeated over and over and over again, which is important framing for. When I met Justin and had the opportunity to brief he was on at PEO Digital in the Navy. I had the opportunity to brief them on an exercise we had just done at Cape, where we deployed our network in support of a training exercise and had discovered, had done a lot of validation. It was a really good early, early proof point for us and had discovered an interesting feature where we thought that we could offer a trusted cellular connection over known compromised physical infrastructure. We tested this within the US borders by simulating a compromised telco. Turned out to be a good thing to simulate. When we talked to Justin in his office about it, Justin said, let me talk about Guam, right? We have this problem on Guam, which is we believe that there's a real problem with penetration of the telcos on Guam and it's that they've been compromised. They've been compromised. And it's strategically important ground, of course. I mean, it's a really hard problem to unravel. Maybe we can just deploy. What if we just deployed the CAPE network on top of the known compromised physical infrastructure? Could we trust that connection? And we worked with Justin and his team and what I think became was sort of on their end also a prototype of the system and the way of thinking that you've developed and really gone a long way towards implementing over the last four years to get a pilot together quickly and not spend a bunch of time wringing our hands over exactly all the kind of classic things that are hard to get under contract. We worked as a sub with a major prime. We worked with Justin in his office to identify funding from diu, the Defense Innovation Unit, to help us go faster. And then we just went to Guam. And one thing I want to hear Justin's perspective on this story and his side of it. But a really important thing that you did early on that I have a ton of respect for and I've seen now play out many, many times over, is insist from the beginning on defining success metrics. He calls them, or they call them world class alignment metrics. Whams. We call them success metrics. It's the same thing. Let's be rigorous and specific at the outside. What does winning look like and what does that mean and why is that important? And really, transparently, you don't know the story, but we thought it was a pain in the ass. Internally, we're like, oh my God, we gotta. Because we went. We didn't get hung up on contract and we get hung up on dollar amount. We iterated with your team several times on the whams. Like we got. The whams have gotta be right. The whams have gotta be right. But they were. And we got em really crisp and we got really strong alignment between the Navy and between cape on what success looked like. And then we went and executed this pilot and it was ahead of schedule and under budget and we hit all the whams. And in the middle of that story is when the salt typhoon news in the US broke. And it turned out to be the case that Justin and his team in partnership with DIU had incubated and validated this technology that then was critical for an emerging national security threat. So in my mind, it's exactly the way that system is supposed to work. That's a little rambly. I want to hear your perspective on how that went.

13:16

So the normal. Hey, we need to meet. We have a game changer. Yep, everyone has a game changer. We think we're awesome. I know. And so I go and see them and I'm impressed with the tech. But the translation is always the problem. Right. Everyone who wants to meet with us, they're like, if I just convince this person, but then we have to go back and convince people and then ultimately there's going to be a room that we're not in where a decision is going to be made. And so this is why. And you tell that story. But I'm not surprised that it was annoying because the translation is what carries forward. So like, what often will happen is like someone will say like, we can do something with Quantum that no one else can do. And like, yeah, but who's going to explain that to everybody? Like if we're talking about tech and we're not talking about outcomes, then like how many engineers do you think are in that building?

16:21

Right.

17:05

Or can pull this forward? And so to this point it was pretty clear that hey, there's pain relief here. And it's actually this is an interesting one to carry. Like things that we haven't really shared. Is defense acquisition system historically, like hinges on a requirements axis and that's a slow axis. That's three years to write them all of this stuff. This was ahead of need. And so this is a case where we're looking at things that we think could be game changers but not following. Like the full formal process and small dollar amounts and then like ultimately like little bets that could turn into big bets if they carry. And so you guys doing the business case and the mission case for us, like, it made it a lot easier to pull that forward because there's still so many levers. So the continuation of that story, like, what I thought about it was, hey, if these guys can get over the hump, then we have an ace in the hole here. And what we did and kind of what that looked like at scale was when we set up the team, the tech director team for this program executive office with an acquisition. When I'm at this point acting cto, we're looking at it and we're saying we only have a handful of new investments. There aren't even as many investments as there are problems. Right. And so I was like, when are we going to get after these next ones? And they're like, next year. I'm like, but there's going to be more. It's like me sprinting against Usain Bolt. If he has a head start, I'm not going to catch up. Right. It's going to increase the distance. And so what we did at that point was we started wildcatting and we said, hey, you did two pilots last year. How many do you think you could do? Well, if we really pushed it, we could do five. Great. We're going to do 25 this year. Oh, gosh. Figure it out. Right? And so on the back end, how do you catch 25? Well, you need a funnel. Right. And so what we did was we had a couple, like, caped that when they are really comparatively advantageous, it greases the skids on the funnel. And so no one was going to be able to do the Rube Goldberg all the way through. But if we had side by side, if we had AB and. And could show how much better that was, then I thought people would get a taste of that.

17:06

They did.

19:13

And then when opportunity or crisis strikes, then you scale and you have, like, kind of those use cases.

19:14

That's a good. So I guess my question is, your team and your office can drive these pilots and drive these evaluations. How do you take that innovation and then spread it across the Navy and make sure. Is it your team's job to make sure that you know what all the problems and needs and asks are across the Navy? How do you basically make sure that the new technology, new capabilities, and the awareness of those capabilities get spread across the Navy?

19:20

Yep. I have the pleasure of working with, like, some of, like, the best servant leaders you've ever seen. I can normally keep people up until they get offers about four times their salary. At that point it's harder to keep them. But the amount of kind of talent on a small team, it would still be a bottleneck if we were trying to keep it in house. And so what we do is always scouting, but more so it's a network of networks. So to go meta with cape, like we're looking at, here's what's out there, here's what's available. And then we kind of have the unleashed people that we know in every. Within the munitions community, here are the hitters. Within the robotics and autonomous systems, here are the hitters, here are proxies, here are some investors who are looking at this. When a new company is in stealth mode, we probably know more about it than others. Right. And so that landscape, I'd say in general, what's happened and this isn't our team, this is the department under a really strong leadership is we went from a group of just straight builders, try and build everything to gardeners and we're okay, that's coming along. Right. We planted a seed there and it's springing. Right. And so how we pull those through, we have an Innovation Adoption Kit. We wanted to make sure these tools scaled. And a cool story recently is I was with the special ops community and they said, yep, we're doing an exercise and through the Innovation Adoption kit we found these pilots and we're going to send them into Horizon one. I was like, who told you to say that? And they're like, well, like sometimes we think of ourselves as the proving ground for the larger departments, Big Navy otherwise. Right. And so if we are learning things within the special ops community on maneuver warfare and that applies to the Marine Corps, then if they have the business submission case, why wouldn't we pull that through? And so it gives us an easier way to do that translation and conversion

19:45

using constant conversations with lots of people at all.

21:35

We're speaking the same language. Sure. And so the overhead costs are way down. Like we're now all, all talking TCP IP instead of there were 27 different dialects.

21:38

Totally. So maybe John, has that been your experience? So you, I would say are sort of in the. You're starting to mature from a go to market standpoint as a company, you now have multiple engagements with the government across different areas of the government. Do you find that they're talking to each other? What advice do you have for founders who want to sell to the government? I mean you found a number of. And by the way, selling telco services is not Easy when there's very, very large entrenched incumbents. So talk to us a little bit about how you've been able to then take relationships and successful outcomes like you've had with the Navy and expand from there. And what does that look like? A little bit.

21:47

It's a great question. Do they talk to each other and how do you navigate that? The one thing that's been true forever is if you fail, that gets around fast.

22:26

I see.

22:36

Right.

22:36

And so you bad news travels.

22:37

Yeah, yeah. Bad news travels. Yeah. Really quick. And so that's always been the case. What's interesting for us, and maybe it's broadly applicable, is the work, certainly the Navy's doing the work DIU is doing to do these tech validation and like move companies and tech more quickly through the stages of adoption. A really powerful thing is unclassified and shareable tech evaluations. On Guam we did something we. I shouldn't name the company, I guess, but we had a independent pen tester, a really credible third party come and do a deep dive on the tech and evaluate it at multiple levels of the stack. And they wrote a 50 page report that Diu paid for because they wanted it and it was the right thing to do. But also they made it unclassified and shareable. And now we can use that across services, we can use that with other customers within the US Government. We got permission to share it with investors as we went out to raise more money. And that has really positive effects for the company because we don't have to convince people that it works and does what we say that it does, but it's also really beneficial to the government, not only because it helps our tech get out more broadly, but the fact that then we're then able to go raise more money and more capital and go more quickly, ultimately that all that money goes right back into government work anyway. And it's a really super positive flywheel.

22:38

Awesome.

23:50

Yeah.

23:50

I kind of think we need to re engineer the system for a better flywheel. Right. And so I think the. I don't know. You're an anthropology major, My understanding did research is now outed.

23:51

I didn't know that. Interesting. Okay.

24:04

But bad news travels six times faster than good news. Right?

24:06

Right.

24:08

And so you just need more good news or a way to carry. And so like the success metrics like our whams. Hey, if you just are talking about cyber, if you're like, we hit more of the zero trust activities than other people, that falls on deaf ears for a lot of folks. If we Say we move the needle on operational resilience, right. In the nuclear Navy, they say two is one and one is none. So if you're not resilient, you're in no good shape. Right. The idea of doing resilience as a function, as a return on investment measure, as a success measure, we've had amazing war fighters and we have people who know their part of the process right now. We have economists and financial minds who are, who can actually see the forest through the trees and tell a larger story. And so if we have the data to feed them and we have a kind of a return on investment data substrate going, then we can choose better products that move the needle in a way that if we were all stove piped, everyone's working on the same tree, it doesn't always turn into the forest that you want.

24:09

Sure. We talked about secure communications and cape here. What are the other areas within the Navy where you think that the private sector can find? Areas where there's opportunity, there's transformation underway. I know we're investors in a company called Saranic that makes unmanned surface vessels. I think obviously the subsea domain is interesting. Talk to us about some of the areas where you think there is exciting opportunity for the private sector to meet the Navy at its needs.

25:17

So maritime industrial base, very large. We've been talking a little bit at the Dow level of hey, here's the defense industrial base. And we look at the suppliers. We used to kind of distinguish, oh, that's from this service or this department. We're one organization. And so honorable Michael put out, hey, here are the six key technology areas to say, hey, let's operate as a department with a, like a unified demand signal. And so taking the lead from there, right? And saying, okay, within these six here areas that we can surge. And so the research and engineering department, like that used to be a, at times like a study, the problem thing, they're moving with urgency so that we can, can catch. And so the answer to your question is obviously we want to get way better at scale and speed on manufacturing. And so the idea of like working with some of these companies, I guess I shouldn't name them, but who are either working on point solutions where they're doing additive and just distributed manufacturing, parts repair that. And the difference that can make, if you think about like point is there's a little bit of, some of that's not sexy, especially if it's at the point, but the question is like, how much difference is it making? Right? And so theory of constraints tells us that if you are blocked up.

25:44

So we've been told that there's equipment out in the field where one little part is broken and if you can 3D print a replacement part, you're back in service. And if you have to wait six months for something to come from some factory that only makes it once a year because they only make 500 of them, you know, you have a vehicle out of operation for six months.

26:59

It's crazy that full through line on that for manufacturing across the board. And there's going to be an expertise, right. And so hey, here's what it is for aviation, here's what it is for maritime, here's what it is for just front end users on ships. So I think that's like an area that we have started to see and continue to look for kind of big impacts.

27:16

What about on the software side?

27:36

On the software side? Well, here's the useful and interesting part. I think people recognize now that software, networks, cyber have a seat at the table across the board. The basis for kinetic activity and soft activity, all of that highly dependent. And so from what we've said is we want to get better at bending metal. But for software there's just so much ripeness. So here's how I think about that. I can describe a couple problems, but realistically, the amount of technical debt is significant. And so what I always encourage people to do is say, hey, if you're going to look at logistics, here are all of the government systems that are here right now. Disrupt those, but make sure you're taking things out with them. Right. We want to divest, to invest. And so kind of like what we had said in the past was there's room for everybody and we can just keep adding systems. That's just not the case.

27:37

Right.

28:36

And so if you can take out five systems with one application, this is modern service delivery. And so we actually put a guidebook out, Modern Service Delivery 3.0 to say here's how you loosely coupled, here's an actual implementation of modular open systems. Here's how you pull those things forward. And so for almost every domain where we're doing software, there are too many systems. And so if you can do secure data delivery with intuitive user interface, we will find room for you. As long as you're taking things out and sending it to operation Cattle drive, sending it to the boneyard afterwards.

28:36

Yep.

29:12

Can I ask a follow up question?

29:12

Yeah.

29:13

A question. I get a lot. I bet you get a lot. Also, you may not get as much. Is either like a oftentimes the veteran in business school or sometimes from a lot of different places, I get asked the following question. I am inspired by this dual use and defense tech movement. I want to start a company in the space. I don't have an idea of what I want to build. I just know I want to be building and I'm ready to do it.

29:13

Yeah, yeah, right.

29:36

I'm ready to go. What should they read? What should they research? Someone who's full of entrepreneurial drive and low on defense specific knowledge. Where should they start?

29:37

Yep. So go to. I'm going to channel my inner Steve Blank. Go to where the problems are. And so there are a lot of ships docked in San Diego and Norfolk. If you are friends with someone else who's working in the area and you just want to learn listening to their pain points, we have hackathons. So one of the plays from the Innovation Adoption kit is structured challenges. That's now in the Defense Authorization Act. And so we're supposed to do structured challenges. This includes pulling people in who are problem solvers and ultimately giving the problems. And so here's the point. Don't do that from on high or over there. Be where the problems are and rank them by here is the size of the pain. Right. We don't want to solve three headaches. We want to solve a migraine and then something imminent. Yep. And so the closer we're at at that and then you check the scale on that.

29:45

Right.

30:37

But the problem that you read about is probably being covered by other people. If we start there and then we look at, oh, here is a system that doesn't need to be there anymore. I'll give you an example. We shut down a system this year that people have been trying to shut down for 10 years. Just couldn't put it in the coffin. Right. And so there's always some defender somewhere

30:37

someone's collecting those monthly bills.

30:59

Look, what often happens is if there's 10 modules, nine of them don't matter, but one is indispensable. And these are severable tasks. And so whenever I say turn something off, find a way to make it fully severable because we're not looking to pay more for the one thing that they need which will happen.

31:02

Right.

31:19

So go after that, not a whole problem, but a chunk of a problem and pull the plug on the hardest piece.

31:20

Yeah.

31:27

When people ask us that question that you asked, like they have the desire, they're fully bought into the mission. Maybe they're veterans. Like we spend time with the Commit foundation, which are Helping people transition out of government service into the private sector. We usually tell them if they don't have an idea of what to do, they should go join a company like Kate.

31:28

Yeah, yeah.

31:44

And we tell them, like, go get startup experience. And then we try to tell them, like, try to work at a startup. That's good. Because getting startup experience at a crappy startup actually does not help you. It's actually a negative because then you learn all the bad behaviors.

31:45

Everyone's saying you're probably going to hate it.

31:56

Right. Right.

31:57

And you won't like it.

31:57

Right. Sometimes you learn what not to do. But that's not the lesson I'd rather you learn. I'd rather you learn what to do. So that is what we see. We're going to wrap up in a little bit here. I do want to mention Salt Typhoon because that's a huge story in all of our lives and something that we've paid attention to. But I still think, because it was a little bit of a complicated story, it never quite hit the mainstream to the degree that it probably should have.

31:58

Yeah.

32:19

Explain to us what Salt Typhoon is and to the extent you can, how something like Cape is a resilient alternative. Yeah.

32:19

To amplify your point, I was in. This was shocking to me. I was at Davos last year in a cyber forum and one of the speakers was talking about Salt Typhoon and had like, kind of glazed over.

32:26

Yeah.

32:39

A room of 60. It was closed door. Room of 60 cyber folks. And she wait, how many people know about this?

32:40

None.

32:46

It was five out of 60. It's crazy for cyber practitioners who traveled to Switzerland.

32:46

Yes. So they answered the first.

32:52

So what is Salt Typhoon?

32:54

Yeah. What is Salt Typhoon? Strictly speaking, Salt Typhoon is the name for an apt and advanced Persistent Threat Group, or a group of Chinese hackers who work for the government and do hacking on behalf of the Chinese government. They have targeted critical infrastructure in the United States and in particular the cell phone networks. And so when the story came out,

32:55

and what capability can they get by having infiltrated the cell phone network?

33:15

I mean, what do you do on your phone? How much of your life runs on your phone?

33:19

For me, more than I'd like to admit.

33:23

Basically all of it. And what we continue to learn is that's true for everybody. Everybody in the United States up to including the most senior folks. Right. And that's not surprising. The smartphone is one of the best products ever made. The iPhone's one of the best products, certainly the most exquisite communications platform ever built. So, of course, you run Your life on it. What we learned was that China has infiltrated major telecommunications carriers in the US for all intents and purposes, fully. So you can listen to the phone calls via the plugin points that if the FBI comes and wants to put a wiretap on your phone, those are the lawful intercept plugins, the lawful intercept plugin points.

33:25

So they have control of those.

33:57

They have control of those, and they can just turn them on at any time and listen to. During the last presidential campaign, then candidate JD Vance's phone calls were listened to and that got reported. That was an early. That was like a canary on the, on the Salt Typhoon story. You know, call data records, who's calling who, the duration of the call connection, the Internet websites. I mean, it's just kind of everything that you're doing on your phone effectively. And what was interesting was when I started the company, when we started the company four years ago, part of the pitch was this idea that China can leverage telecommunications network to basically see everything about you and us and most importantly, the armed forces and the national security professional in the US and people didn't laugh us out of the room when we said that. But it also, it wasn't quite concrete in the way that it became after the Salt Typhoon was broken. And then we just learned actually, in fact, China has fully infiltrated the telecoms and it has expanded now. The story has grown from just the US to now. Not every, but effectively every major carrier in the world is somehow implicated in the salt typhoon story. The intelligence and the national security implications of that are enormous. The implications for everyday citizens are enormous to the extent you care about your privacy and security, as you should.

33:58

It also, it seemed to me one part of the story that is relevant is that it also allowed the hackers to know who was being lawfully intercepted.

35:02

Yes.

35:12

Which is also confidential information.

35:13

Correct.

35:15

Right. Because there could be grand jury subpoenas, there could be all kinds of investigations underway, drug cartels, you name it. And now the adversary knows whose calls are being tapped. Right. So that very, very scary. Puts people at risk.

35:15

Yeah.

35:28

Okay.

35:28

Yeah.

35:29

And to the extent you can talk to us a little bit about how Cape can help mitigate some of this threat.

35:29

Let me give you a broad version, and I want to tell you a specific story. The broad version is the way we've come to talk about Guam was rather than trying to ferret through the existing carriers on Guam and, you know, find all the China and try and try to get rid of it and never quite know when you're done or know if you've succeeded. The basic idea was let's just do a clean install of a telco on top of the existing physical infrastructure.

35:35

Just assume it's hostile. Yeah. And then.

35:56

And rely on our architecture which allows for encrypted traversal of the physical of the towers into our software. Our mobile core.

35:57

Yep.

36:04

And we tested that and that now has formed the basis of work we're doing with Rakuten in Japan and elsewhere in the world. Because wars run on cellular networks just like everything else does. And so there's a lot that we can offer. The specific story that I think is interesting is related to lawful intercept when we were building our telco. Also we're live nationwide in the US right now. Consumers can self drive and onboard. One of the things you have to build is your story for responding to lawful intercept requests from law enforcement. You're required by something called CALEA to be responsive. Nobody builds that themselves because it's super administrative. The tech is actually quite easy. But there's a huge administrative burden to responding to a search warrant or a wiretap request. And so everyone, every telco in the US certainly and I think around the world turns to one of a small number of sort of cottage industry vendors who will do that for you. You say, I want to hire this company. They'll plug into my X1 interface and do my wiretaps for me. So we picked one of the top ones and put them on a pilot and we're getting them installed into our network and kicking the tires and whatever. And our SRE team, we may be the only telco in the world, was an SRE team by the way. But our SRE team was evaluating the connection and looking at it and they discovered in the dollar that the vendor sent out to us when they unpacked it, there was an unencrypted text file that had the usernames and passwords. Every single client of that.

36:05

Crazy.

37:23

Insane.

37:24

Yeah.

37:24

And this was literally three months before the salt typhoon news broke and we learned that China had compromised the X1 interface of all these major circles. And I don't. I have no specific knowledge.

37:25

That doesn't seem like it was that hard for them to do it doesn't seem that hard.

37:35

And when I said at the outset that the industry baseline is so low, that's what I'm talking about. Right. And so the SRE team just did what they're supposed to do. They notified them and said you shouldn't do this. And by the way, we're going to Use a different vendor for our CALEA compliance. But that's the state of play where we're operating.

37:38

Okay.

37:50

Justin, you're up on 27 years of working in the government, you know, in and out private sector as well. I think from where I sit, this is the greatest time to be building companies that support the national interest, working with the governments largely, and thanks to people like you, been more receptive to partnering. But are there any parting words or thoughts or asks that you have for

37:51

the private sector kind of across the board. I feel like at this point I get a decent amount of credit because I have an office that's made some things happen. There are so many people behind the scenes. And so it's a little bit. I'm from Pittsburgh, City of bridges. No one designs a city with 300 bridges, but it ends up helping. Right. And so here's the point. Be a bridge. And so you mentioned from one side to the other, we have so many hitters. I was reading John Boyd this weekend and so Ooda Loop creator and history fighter pilot. And at his eulogy they mentioned that he was a warrior engineer. We have warrior engineers around right now and we have the bi and trilingual people. We have lieutenants. We have a handful of The Marine Corps lieutenant colonel who started the innovation challenge, Steve McGee, he made things happen and he is again, an amplifier who is funneling things in. And so I would say for people who want to join and be pullers on side of that bridge, do it on folks who want to push things in and make a difference. I would just, number one, recognize that we're in a moment where we care more about results. We were focused on just kind of process and then some spray and pray. Now we're focused on results and we can measure those outcomes. So do that and bring us over matches and show how much difference you can make. And we're going to increase value, we're going to increase impact, and we're going to increase deterrence. And so just be a part of that. I don't have to tell people because this is the best support we've ever had. But the more folks who are kind of bringing connecting the dots, speaking the same language, I think the better off we all are from a national security and economic prosperity perspective.

38:12

Awesome. Well, Justin and John, I want to thank you both for being with us today. It was a great discussion and thank you both for what you're doing.

39:55

Thanks, dude. Appreciate it. Thanks, man.

40:03

Thanks for listening to this episode of the A16Z podcast. If you like this episode. Be sure to like, comment, subscribe, leave us a rating, or review and share it with your friends and family. For more episodes, go to YouTube, Apple Podcasts, and Spotify. Follow us on X16Z and subscribe to our substack@a16z.substack.com thanks again for listening and I'll see you in the next episode. As a reminder, the content here is for informational purposes only, should not be taken as legal, business, tax, or investment advice, or be used to evaluate any investment or security, and is not directed at any investors or potential investors in any A16Z fund. Please note that A16Z and its affiliates may also maintain investments in the companies discussed in this podcast. For more details, including a link to our investments, please see a16z.com disclosures.

40:08