A few years ago I wrote some thoughts for Wired about why more people and organizations don’t take moonshots. I realized recently I was missing one: the inertia caused by widespread faith that “people out there” are already working on a particular problem and will eventually get a handle on it.
I think of it as the “yeah, yeah” problem. As in, “yeah, yeah, I know, Internet access is still a problem for billions of people, but existing technologies like cell towers and wifi are going to get us there eventually, right?” As in, “yeah, yeah, a lot of people have diabetes, there are things to manage it.” Or “yeah, yeah, car crashes are just a fact of modern life.”
Over the years X has found new ways to tackle these challenges with internet-beaming balloons, smart contact lenses, and self-driving cars because, for the world’s most intractable problems, improvements to existing solutions aren’t usually going to be enough. This is one of the reasons we set up X in the first place: to find radical new approaches that could unlock a 10X better way to do things.
Cybercrime is the latest problem that’s slipping into the “yeah, yeah” zone. Jaw-dropping security breaches have come to dominate the headlines on a regular basis (if you want a refresher, check out Wired’s list of biggest hacks of 2017). Organizations deploy dozens of security tools to protect themselves, and their security teams are highly skilled and extremely dedicated, but they can’t keep up with the growing number, sophistication and ambition of attacks.
Solving this problem isn’t simply a question of time and trusting that we’ll catch up eventually. We have to start fresh and look at the problem from new angles — and this is why we started a cybersecurity project at X in early 2016 which is now graduating to become Chronicle, an independent company within Alphabet.
This never-before-disclosed team at X is now part of Chronicle — Alphabet’s newest company.
The reality for most companies today when it comes to cybersecurity is reactive: find and clean up the damage. The real moonshot, which is still several years away, is predicting and deflecting cyber attacks before they infiltrate an organization’s network.
The digital world needs an “immune system.” Most organizations currently have to work like doctors treating a disease after the symptoms have shown up and the damage has been done. But hackers aren’t invisible; they leave tiny clues like a virus or bacteria in the bloodstream while they quietly harm the host. But all too often these clues and their perpetrators go undetected for months or even years. Your body solves this problem by adapting — by building antibodies to identify and reject things that shouldn’t be in your body even if it has never seen that particular bad thing in your body before. What if we could find a way to do the same kind of real-time adaptation to emerging cybersecurity threats to keep companies safe?
If we’re ever going to get there, we need to begin tackling this today. Chronicle is starting by trying to give organizations a much higher-resolution view of their security situation than they’ve ever had by combining machine learning, large amounts of computing power and large amounts of storage. The information that security teams need to identify and investigate attacks is right there in an organization’s existing security tools and IT systems, but it’s hidden in enormous volumes of data and therefore can’t easily be seen, understood, or used. Providing better capabilities for finding the patterns in that data might not sound like much, but shrinking the time between when an attack starts and when it’s discovered (from a few months to a few hours or days) could reduce a lot of damage — and teach us what other technologies and capabilities might help us turn the tide against a widening array of vulnerabilities and attackers.
Our job at X is to create new startups that can have a huge impact on some of the world’s most pressing problems, and we’re proud that Chronicle will be joining the self-driving car company Waymo and life sciences company Verily as the third Alphabet entity we’ve developed and graduated. We’ve always graduated teams when they were ready for a new environment that’s better suited their next stage of growth — whether to become an Other Bet, find a home at Google (like Brain), or set up outside of Alphabet (like Dandelion).
Now, Chronicle is ready to start developing its own direct relationships with enterprises who are interested in working with them to give “the good guys” a better chance against cybercriminals. And that means we can direct X’s resources into other X projects, like our work in robotics, free-space optics, and other adventures we look forward to telling you about in the coming months. Congratulations, Chronicle team!