Why Moonshots Fail
Tech and historical purists will tell you that the term moonshot is overused and misinterpreted. They might even tell you that there was really only one true moonshot that started in 1961 and any other initiatives that call themselves moonshots are just copycats. The truth is, what we call our centralized, transformational effort to mobilize and fix cybersecurity doesn’t matter. What does matter is that we are able to galvanize a movement and term moonshot is an appropriate way to capture the magnitude of the work ahead of us.
The truth is, The Cyber Conundrum is not the first call for a cybersecurity moonshot. Others have come before it. Others are working in parallel to it. Why have others calls for moonshots failed to gain momentum?
The Cyber Conundrum looks at how other transformational initiatives gain momentum. Many start slow, like America’s involvement in WWII or the fight against polio. It is best to look at these initiatives through the lens of how change starts.
In a previous blog, we looked at Harvard Business Review’s “The Biology of Corporate Survival” indicating there is tension between what is beneficial for individuals within the company and the market as a whole. Maintaining the status quo is often the default force that drives organizational behavior. Organizations, governments, societies don’t seek change, they seek stability and the status quo.
Following this principle, if we look at organizational change models acceptable change is often small and peripheral. In this way, change is only accepted if it is low risk and offers little chance of disruption.
What we are talking about with a cybersecurity moonshot - at least what is proposed in The Cyber Conundrum, is a radical, core transformation series of changes that may be viewed as high risk and highly disruptive to our organizations, society and our government. Making a case for such a transformation will be difficult because there is so much at stake.
The forces keeping the US out of WWII were powerful. Hundreds of thousands supported the America First movement championed by Charles Lindbergh. America First sought to maintain the status quo, looked for ways to actively prevent US mobilization and opposed direct support of our European allies. Facing the axis powers, who fielded the most powerful armies ever seen was a daunting challenge many felt was too risky to pursue. The Japanese attack on Pearl Harbor challenged our isolationist policies and catapulted us into the war after the cost of maintaining the status quo became too high.
We don’t need to experience a cyber Pearl Harbor before we take up the flag of radical, cybersecurity transformation. As we saw in Kennedy’s effort to get humans to the moon, all it takes is a critical need, enlightened leadership, a centralized effort and lots of hard work to get us off the ground. Getting to the moon was a national security priority - one that gained momentum and change the status quo when the US missile program fell behind the Soviets. Kennedy, fearful a Russian ICBM technological advantage would put the US and our allies in peril, used the space program to transform and catapult rocket technology years beyond the Soviets.
The truth is, years before Kennedy’s call to action, many had been working feverishly to improve US rocket technology and create a strategic, battlefield advantage. The defeat of Germany - where many German rocket scientists emigrated to the US and the start of the Cold War accelerated this effort.
It seems unfair to say that other, previous calls for a cybersecurity moonshot have failed. They were just a little before their time. It is clear for those of us who have studied cybersecurity challenges that radical transformation is necessary to address challenges in the technology ecosystem. All we need to gain momentum is strong, enlightened leaders to help drive the movement.