Episode 65

Developing the Collective Defense with Ann Dunkin, CIO at the U.S. Department of Energy

Ann Dunkin, Chief Information Officer (CIO) at the U.S. Department of Energy (DOE), joins Carolyn and guest host Willie Hicks to discuss the National Cybersecurity Strategy and what it takes to secure a large agency like the DOE, as well as how agencies balance cybersecurity compliance and risk management. She also highlights the DOE's role in the Partnership for Transatlantic Energy and Climate Cooperation (P-TECCC) and the agency's relationship with its industry partners.

Key Topics

  • [01:47] - Affect of the National Cybersecurity Strategy on DOE Modernization Initiatives
  • [07:59] - Risk vs. Compliance
  • [14:17] - Protecting a Large Agency like DOE vs. Smaller Agencies
  • [16:49] - P-TECC Overview & DOE's Work with P-TECC
  • [23:14] - Implementing Lessons Learned from the Global Community
  • [26:11] - DOE Modernization Efforts & The Role of Public-Private Partnerships
  • [30:26] - Where Industry Can Improve
  • [36:03] - Tech Talk Question

Quotable Quotes

On the Collective Defense: "The principles of collective defense, which underlie the cybersecurity strategy are incredibly important. That concept that we can't individually be safe, we have to work together. Once upon a time, you'd say, oh, if my cybersecurity's better than the guy down the street, they'll go down the street and forget about me. And we just can't do that. We're too interconnected. There's too much work we do together. There's too many interconnections between our systems. We absolutely positively have to develop that collective defense. In addition, part of that collective defense is ensuring that the burden of defense falls to those most able to deliver on that." - Ann Dunkin

On balancing risk vs. compliance: "The reality is we can't do all the compliance. And so we absolutely have to look at risk to prioritize it. But I would argue that you should always look at your risk and balance that against your compliance exercises. Because number one, if you do all the compliance and then you start risk mitigation, you may be missing something big. But number two, because you probably don't have enough money to do all the compliance anyway." - Ann Dunkin

On workforce development: "I firmly believe that we need pathways to move people in between the private and public sectors. And we need to make it easier for people to cycle between those places over the course of their career to leave government, to come back to government and to learn from each other. And also for the government through DOE and through other places to help build a workforce within the government that looks like America. And then to help the rest of America grow their workforce capabilities." - Ann Dunkin

About Our Guest

Ann Dunkin serves as the Chief Information Officer at the U.S. Department of Energy, where she manages the Department’s information technology (IT) portfolio and modernization; oversees the Department’s cybersecurity efforts; leads technology innovation and digital transformation; and enables collaboration across the Department. Ms. Dunkin is a published author, most recently of the book Industrial Digital Transformation.

Episode Links

Transcript

Carolyn Ford:

Welcome to Tech Transforms, sponsored by Dynatrace. I'm Carolyn Ford. Each week, Mark Senell and I talk with top influencers to explore how the US government is harnessing the power of technology to solve complex challenges and improve our lives. Hi, thanks for joining us on Tech Transforms. I'm Carolyn Ford here with Willie Hicks. Hi Willie.

Willie Hicks:

Good afternoon.

Carolyn Ford:

So today we get to welcome a guest that I have been trying to get for two years. So Ms. Ann Dunkin, she's chief information officer at the United States Department of Energy. In her role at DOE, Ms. Dunkin manages the information technology portfolio and modernization. She oversees cybersecurity efforts, leads technology innovation and digital transformation, and enables collaboration across the department. I'm a fan because I've seen Ann present at multiple conferences and I always, not that the presentations are boring, but sometimes they're boring, but I always find Ann very engaging, very smart. So we're really excited to hear Ms. Dunkin's insights on the recently released National Cybersecurity Strategy. This topic, this next topic, I'm the most excited about, the eco-friendly technology in the government space and innovation initiatives coming out of DOE. So welcome to Tech Transforms, Ann.

Ann Dunkin:

Thank you, Carolyn, it's great to be here.

Carolyn Ford:

And I guess, may I call you Ann, do you prefer?

Ann Dunkin:

Yes, please do. Please.

Carolyn Ford:

Okay. Okay. Well, all right, let's just get it going with the first question regarding the recent National Cybersecurity Strategy. So how does this strategy affect efforts in your department in terms of modernization?

Ann Dunkin:

So there's a couple things that we're doing that tie National Cyber Strategy. I'll start by saying that my team had a lot of engagement developing the national cyber strategy, there's a member of my team who wrote either two or three of the fundamental papers that underlie the National Cyber Strategy. So DOE fingerprints are very much on that strategy and we're very aligned with the Office of National Cyber Director and acting director, Walton, Walden, excuse me, to really move forward, move out on the National Cyber Strategy. And we're looking forward to working with them on implementation. We are developing our own internal strategy, updating our cybersecurity strategy and aligning that with the National Cyber Strategy.

So there are a couple things. So first of all, one of the initiatives within the National Cyber Strategy Implementation Plan is securing the clean energy future. And that includes using secure by design principles and ensuring that the government's digital ecosystem can deliver on the United States governments clean, excuse me, clean energy future decarbonization efforts. So that means that continued research and development capabilities at DOE. So I have a national lab that's responsible for our secure by design program and helping people understand how to do secure hardware by design. We're getting better at doing secure software by design, but they're really focusing on hardware, software systems together. How do you make hardware and software both secure by design?

In addition, the principles of collective defense, which underlie the cybersecurity strategy are incredibly important. That concept that we can't individually be safe, we have to work together. Once upon a time, you'd say, oh, if my cybersecurity's better than the guy down the street, they'll go down the street and forget about me. And we just can't do that. We're too interconnected. There's too much work we do together. There's too many interconnections between our systems. We absolutely positively have to develop that collective defense. In addition, part of that collective defense is ensuring that the burden of defense falls to those most able to deliver on that. And what I mean is government, large corporations should be trying to figure out how to defend us. We shouldn't be expecting small companies, nonprofits, and individuals to carry the kind of burden we do now. Expecting an individual, whether it's a 15-year-old or an 80-year-old great-grandmother, to be able to understand how to secure their home network, how to secure their devices.

That's just an unreasonable expectation. And so DOE is part of that solution, not only in terms of us protecting our infrastructure in DOE, us protecting the national critical infrastructure, but also the fact that DOE is part of US government's new labeling system for the energy sector to provide labels to help understand whether devices follow cybersecurity principles. Now I think that's going to be an interesting program to roll out because people have to understand what that means. You can't take something and say, oh, it's got a secure label, and that means I don't have to worry about it at all. I don't have to do anything. So we're going to have an educational effort, but we are working with the White House and others to roll out that capability.

So we are going to continue our efforts to modernize our defenses as an enterprise, which is part of that, ensuring that we have all the best capabilities, the zero trust, multifactor authentication, encryption, all those things, as well as continuing to work with our international partners on that collective defense. So it's not just the energy sector, which my colleagues in CSAR work with or our internal energy sector, which my team supports, but also those international partners because that collective defense not only includes our own internal to the US but also partners around the world who are going to work together to make this world safer. So those are the ways in which we think about the National Cyber Strategy and how it's going to impact DOE going forward.

Willie Hicks:

Actually, I had a quick question, Ann, if I could just jump in. And it's fascinating because this topic of kind of secure by design and the labeling strategy that you just mentioned, and you may or may not be able to answer this question, but I'm curious, do you think from an administration standpoint that we're going to see this as kind of a voluntary type of, or almost of a mandatory, we're going to have to start labeling that? Or if you can't answer that, that's fine as well. Just curious.

Ann Dunkin:

Yeah, I don't know what, I can't get in the heads of the White House, so I don't know what their intent is.

Willie Hicks:

Yeah.

Ann Dunkin:

But well, I don't know what the implementation is. The intent,

Willie Hicks:

Yes.

Ann Dunkin:

Is help Americans be more secure, and how we do that remains to be seen. That program's, its very early days.

Willie Hicks:

Yeah.

Carolyn Ford:

But I love that what I heard you say is it's your mission as a leader, as a government agency to provide that guidance to our citizens. And there were a lot of things that you said that I was like, I love the idea of the collective defense. You touched on, I think you touched on something that you mentioned the first time I heard you say something about compliance a couple of years ago,

Ann Dunkin:

Oh yeah,

Carolyn Ford:

At CyberTech. You said that organizations maybe too focused on compliance, let's just check that box and making them unwilling to take necessary risks. So has the new NCS affected this tendency? Has it made it better, worse?

Ann Dunkin:

Yeah, so I'll give you, let me give you a little background on the issue of compliance versus risk management. So when I was first in the federal government during the Obama administration, we were very, very compliance focused. We get this list of things from the White House, from Congress, from whomever was sending then. I can't remember if CISA even existed at that point yet. But whoever is telling you what to do, you get this list. Right. And you got to check the boxes and do these things. And I was seeing very much a compliance mindset. I'm going to go check all the boxes and then I'm done. And as I started, towards the end of the time I was in the administration, people really started to understand that compliance does not equal risk mitigation. So it could, but more than likely your risks don't nicely fit in that box of compliance.

So it's important to start looking at what's risk mitigation look like. And I was starting to see that. And while I was gone, there became a much bigger sort of shift towards risk mitigation versus compliance. And then right when I arrived, they had just had the SolarWinds incident when I came back and I was concerned that we were going to see the shift back to compliance because now, and even then arguably, but even more so now, there are more things on the compliance checklist than people can do. I don't have enough time, money or resources to do all the things in the compliance checklist. So if all I do is look at compliance than I'm never even going to think about my risk because I'm just checking those boxes. So people need to look first at how to mitigate risk and then figure out how to prioritize compliance within that framework.

So it doesn't mean I'm not going to do any of those compliance things, but I may have things that I need to do to mitigate risk that don't check any of those compliance boxes, and I need to do those first before I complete that compliance exercise because that's really going to be where it mitigates my risk. Now to be clear, most of those things for compliance are designed to mitigate risk, but it's not a one size fits all. And that's where we get into trouble with people just looking at compliance. So that's where that big picture around that, and I think it's a challenge, but I have to say I'm pleased that at least in the parts of the government I'm involved in, we haven't seen people sort of go back guardrail to guardrail and go, oh, we're going to do only compliance now. So people are still thinking about risk and risk mitigation even when they're trying to fit in a lot of compliance that has to be done.

Carolyn Ford:

Well, with compliance, I feel like this is a little bit of a thick question from me, but I'm just thinking about like don't the agencies, aren't they mandated to meet compliance? So I mean they have to go down the list and check the box. So don't they have to do that first before they think about mitigating risk? I hear what you're saying and can they?

Ann Dunkin:

Well, I suppose in theory. If you could do all the compliance activities and you had the time and money and resources, to do all of them, you might say, well, I'll do those before I do risk mitigation, but I don't have the time, money, and resources to do everything on the list of compliance. Some of the compliance items are literally technically not possible when you look at my OT and my research portfolio; literally some things I just can't do, it's technically not feasible. There are also things where you go, okay, this instrument cost millions of dollars, sometimes billions of dollars. I am not going to throw that away and start again because I've got a compliance requirement. So what I'm going to do is risk mitigation and I'm going to put compensating controls in place that meet the objectives of that compliance exercise with, but it may not meet that compliance exercise on the face of it. Right.

So if you look at our scores on FSMA when they come out, they're not great and I don't like that. But I also recognize that they're not a true reflection of our security posture because in all the places or virtually all the places where we're not in compliance, we have compensating controls in place. I mean, I'm lucky because DOE is full of lots of really smart engineers and scientists who understand security risk and are going to take action to deal with those regardless of whether someone tells them, here's a compliance exercise, but they will also tell me, well, I'm not going to do that the way they told me to because I can't afford to or it impacts my mission, but I did these other things that are going to compensate for that. And we all agree that yes, those were the right compensating controls and we feel good about where we are. And that's fine.

It's unlike, say I'll pick on HHS, which is not full of scientists and engineers, I have no direct knowledge of their security posture, but I would tell you that it's got to be harder to have a conversation with their workforce about security than is with mine. So we're kind of lucky from that standpoint, but the reality is we can't do all the compliance. And so we absolutely have to look at risk to prioritize it. But I would argue that you should always look at your risk and balance that against your compliance exercises. Because number one, if you do all the compliance and then you start risk mitigation, you may be missing something big. But number two, because you probably don't have enough money to do all the compliance anyway.

Carolyn Ford:

So you're doing the right thing rather than just checking the boxes.

Ann Dunkin:

Yes. Exactly. And I want to be clear. The boxes are important. They're there for a reason.

Carolyn Ford:

They're a place to start.

Ann Dunkin:

Yes. They add value, right, but they can't always be implemented as designed.

Willie Hicks:

And just to dovetail on that a little bit, and I'm no expert here, but I talk to a lot of agencies and you run a very large, energy is a huge agency, a lot of budget, a lot of labs and so forth just as HHS. But then you look at some of the smaller agencies. I wonder, like you start looking at some of the smaller agencies, the independent agencies that have much, much less budget, much less resources, and people just like you were saying, how do they even approach that, this problem?

Ann Dunkin:

And some of them it's actually easier.

Willie Hicks:

Okay.

Ann Dunkin:

Because some of them may not be well resourced, but they just have enterprise IT. And so securing enterprise IT is not necessarily easier, but there's known solutions, right? So my solution for Office 365 is I'm going to hire Microsoft and they're going to do some things and then we'll do some other things and we know how to do that. The challenge of how do you secure a nuclear power plant? How do you secure a substation? How do you secure the NIF? (Which is where we did a fusion reaction that created more energy than it used, right?) We've got supercomputer user facilities all around the world, all around DOE, excuse me. They're used by people all around the world. So the complexity is higher, the resource level is higher, but the complexity is probably incrementally higher than the resources provided, if that makes sense.

Now, some of those small departments and agencies, absolutely. They are so under-resourced, whether it's overall or just in IT that they have the same problem we have, they can't get there because they don't have resources. But in some cases, if you look at scores or you have conversations with folks who are running small-to-medium organizations that primarily have enterprise IT, they're able to check a lot of the compliance boxes more easily because those compliance boxes are designed around their business. Their compliance boxes are not designed around NASA's mission in space or around my mission to generate a fusion reaction or to build the world's fastest supercomputer or to shoot light beams around a building to do basic science. So that's where it gets complicated.

Willie Hicks:

Makes total sense. All right. So just maybe shifting gears a little bit, and I know that Carolyn was really excited about this topic earlier, but I am also very interested in the whole concept around the partnership for what is the transatlantic energy and climate cooperation. I want to make sure I get that right. So that's the P-TECC. So that,

Carolyn Ford:

Do you say that as a word like we do with our acronyms?

Ann Dunkin:

Yeah, P-TECC.

Willie Hicks:

[inaudible:

Carolyn Ford:

P-TECC. Okay.

Willie Hicks:

P-TECC. Okay. All right, P-TECC, got it. Thank you. I've learned something new. So I'm just curious, kind of going back to what we were saying earlier. So this is a DOE focused kind of area and you're supplying it sounds like resources, tools for to kind of build these secure, resilient, climate conscious is the key here, energy system. So can you maybe just tell me, because I'm learning here and also the audience a little bit more about the mission of your office here and maybe a little bit around the P-TECC as I've learned here, partners, maybe some success stories, key initiatives.

Ann Dunkin:

Yeah, so let me tell you who a little bit who P-TECC is. My office's involvement is relatively new with P-TECC, but DOE through our international affairs office coordinates P-TECC and I think you got it right. It's the Partner for Transatlantic Energy and Climate Cooperation. And half the time, I can't remember what it is, so I get it and it's an international group of policymakers and civil society stakeholders within Eastern and Central Europe. It is, you look at it sort of primarily former eastern block countries, but it's not entirely former eastern block countries by any stretch of the imagination. But it's 24 countries plus the EU. And the goal is to support European-based energy security. So that is energy security in the big sense of having sufficient energy and having homegrown energy as opposed to just cybersecurity. But cybersecurity plays into that.

And so they interface with the EU's energy union framework and also what's called the 3Cs initiative. And please don't ask me more questions about the 3Cs initiative because I can't answer them. And the countries in P-TECC, I will not read you 24 countries, but it's like everything from Albania to Ukraine and places like that you've probably been like Germany and places you probably haven't been like North Macedonia. So it's a big mix. And there's a place where there's technical collab, there's a lot of technical collaboration which includes improving energy efficiency and clean energy deployment, especially renewable energy. But that includes nuclear energy and it also includes carbon management. So how do we reduce carbon emissions, how do we capture carbon, things like that. It includes energy cyber best practices. It includes promoting capital investment in energy infrastructure, includes climate impacts, so predicting climate impacts, risk mapping, and also adaptation planning because we know that unfortunately we're going to have to do some adaptation. And then we also do analysis and vulnerability assessments for electricity and national gas. So that's sort of the background.

So here's some things P-TECC does, some of which my office has been involved in. With the unwarranted Russian invasion of Ukraine, there were a number of things that happened, one of which was P-TECC worked together to create a energy plan for the winter for Moldova, I can't even pronounce country names, Moldova because like many countries in Europe, they relied upon the Russians for gas. And so as you recall, last winter, I guess it was technically the winter before last now, was a little dicey at times and last winter as well. Thankfully it was a mild winter because there was a lot of concern about the loss of natural gas from Russia and oil from Russia through the winter. And so Moldova was one of the places they worked directly with on that.

They've also done cybersecurity workshops in Croatia, Estonia, Latvia, Lithuania, and Poland. We are now working with the Poles. My office is working with the Poles and Lithuanians to put together some exercises that we can do a red team, a blue team exercise with them, and then we're going to do a train the trainer and then that will be their exercise that they will use to train others in the region. So where it's a capacity building exercise where not only do we teach them, but we all, and they're actually pretty good in terms of cybersecurity, they're really good partners, but we give them some more skills and then we give them the skills to share those with others in the region.

o get that delivered by early:

Carolyn Ford:

Do any of those efforts translate or do we implement any of that here in the US or is it really just helping those European countries with the sustainability and the cybersecurity?

Ann Dunkin:

Well, much of what we do with our European partners is modeled on work we're doing here in the US, so there's grid resilience, there's a lot of work in DOE labs around grid resilience. They do a lot of modeling. And so we can then take those models, whether it's a list of cybersecurity controls you should put in place or new technology to help you manage grid failures. Those things come from our research at DOE. They get implemented in the US then they get implemented in Europe sometimes, maybe not in that order, but they certainly do. One of the fascinating things for me is not a P-TECC country, it's Portugal. Portugal's grid is 60% renewables. I was at one of our labs and I was talking about their model and they said, I said, well, what point does your model say the grid starts to have problems? And they said 28%.

So they're less than 28% renewables in our grid, well under 28%. They're modeling the grid and saying, at 28% we have challenges and we need to think about how we can manage renewables better. This is about, well, how do I handle that transition from daylight to darkness? How do I store energy? Things like that that we're trying to figure out. Well, Portuguese are already at 60%, so here's an opportunity for us to learn from Portugal about how they got their grid to 60% renewables and it's stable and they're going 80%.

Carolyn Ford:

We say we struggle. Or Portugal says they struggled with the renewable energy at 28%, which is,

Ann Dunkin:

No, our lab is modeling,

Carolyn Ford:

We do. Okay. Okay.

Ann Dunkin:

Our grid, our lab is modeling our grid and saying at 28% our model starts to run into trouble.

Carolyn Ford:

Yeah.

Ann Dunkin:

Meanwhile, they're at 60 already. So there is something to learn from our partners in Europe, at least in Portugal about how they're managing their grid at 60% renewables already.

Carolyn Ford:

Right.

Ann Dunkin:

So this is not a one way, US has all the answers and we tell our international partners how to do things. This is very much a two-way street of learning from each other. How can you manage a grid at such a high level of renewables? How can we learn from that and how can we help you with some of your other problems? So there's a reason it's a partnership and not a push. Right. And like I said, Portugal's not a P-TECC country, but it's a great example. And there are other examples in P-TECC countries of how they have been able to harness different types of resources that we have not.

Carolyn Ford:

Yeah. And a great example. I mean we really are a global community. It's not just their problem, our problem, it's our problem. So as you work on your modernization efforts, you've already touched on DOE works on not normal stuff.

Ann Dunkin:

Yes. Yes.

Carolyn Ford:

How important is public-private partnerships for DOE?

Ann Dunkin:

Yeah. Well it's interesting because DOE is by definition a public-private partnership. Right. Our labs, our private sector labs, they're primarily not for profit. I mean, Battelle runs, I think it's eight labs that Brian keeps telling me and I keep forgetting how many it is, but I think it's eight. They're a nonprofit. Universities run several more, but it is in fact a private sector partnership with DOE that is part of DOE, as are many of our contractors who run our labs, plants and sites. But here, there are a few things that are hugely important in public-private partnerships we'll talk about, one of which is workforce development. So I firmly believe that we need pathways to move people in between the private and public sectors. And we need to make it easier for people to cycle between those places over the course of their career to leave government, to come back to government and to learn from each other. And also for the government through DOE and through other places to help build a workforce within the government looks like America. And then to help the rest of America grow their workforce capabilities.

We've got a variety of programs in DOE, including our Omni Internship Alliance, which my office funds with the Office of Science and NSA, which is designed to bring students in for three summers and let them see different parts of the federal government ultimately with the goal of them choosing to work for the government or for a private lab that serves the government when they graduate. Another huge area of public-private partnership for us is knowledge sharing. And a lot of that obviously is in cybersecurity, but I just talked about another example which is, Hey, how are you getting your grid up to 60% renewables? We need to learn from you. So it's that knowledge sharing with international partners, with the US interagency and with the private sector. The labs do a tremendous amount of work that is given to the public and whether that's individuals or corporations that people can pick up and use to improve their cybersecurity resiliency, their sustainability, whatever that may be.

And so that sharing among the labs, plants, and sites and with the public is incredibly important. And then our collaboration on research and development between DOE, between the public sector, excuse me, between the private sector within our own organization and then other private sector companies. DOE doesn't just do work for DOE or even just for the government. I just had lunch with a colleague who said, oh, our company is doing a few hundred million dollars worth of research with DOE. I'm like, oh, a few hundred million. Yeah, that's nothing.

So we have university research, we have private sector research, we do research for other governments, companies outside the US. All that collaboration is growing our capabilities across a vast array of things including cybersecurity and advanced wireless. And then I think the other thing I would just say is that from a partnership standpoint, DOE is trying to be as transparent and visible in our community as possible. We want to make sure that people do understand what DOE does because I don't think most people do, and that we're able to share that knowledge and capability throughout the US so. But yeah, I mean DOE is basically built on public-private partnership. That's what we do.

Willie Hicks:

So Ann, just a quick question. I think we've talked in the past, I may have even brought this up, but from an industry perspective, I am 100% in agreement, in agreement with you on the importance of public-private partnerships. And I'm curious though, and we talked a lot about, you've talked about cyber and all these places where we can, and AI I know is another big one where we're seeing a lot more partnership. But from your perspective, from a government perspective, where do you see some places we can improve also? Just talking to me as industry, talking to me as a representative of a sector here, what advice can you give me that I can take back?

Ann Dunkin:

Well, unfortunately, I think there is still this attitude that is prevalent among a lot of people, not everybody, that the private sector has all the answers and government doesn't know anything. And I think the reality is that you have answers and we have answers and we need to work together to solve problems. And so that's the biggest message that I would put out there is that we've got to work together to solve problems and that neither one of us has all the answers. And so the more that we can share that information with people. Nothing gets me more hot under the collar than someone making some snide remark when something's not going well about, oh, there's the government at work. Our government does amazing things. Is it perfect? No. Do we have a lot of stuff we could do better? Yes. But we do amazing things for the public and our public servants work under incredibly ridiculous conditions sometimes. Right. It's just the thing, the burdens we put on people, how hard we make it to get something done.

I had someone work for me at Santa Clara County who was like, oh, I can't, I'm not good enough for the private sector. I'm like, are you kidding me? She goes to private sector, gets a job and she's just knocking it out of the park because she's like, this is easy. I mean, I just said, I'm putting a purchase order and I got this thing and I could go do it. I'm like, yeah, yeah. The private sector is not a cakewalk, we all know that. But some of the barriers you have in the private sector or excuse me, the public sector just melt away. Right. You got different challenges and different problems, but some of those barriers to getting stuff done aren't there. And you see people just, "Why?" And so I made a short story really long, but my point is to answer your question is we've both got things we bring to the party and we need to work together to demonstrate that. And I think on both sides, we can be equally critical of the other and lose track of the fact that both sides bring value.

Willie Hicks:

So thank you. Thank you so much for that candid answer because from my perspective, and I've been doing this for a little while, I won't tell you how long, but I've been doing it for a little while. And I have always looked at it as just about the perspective that we approach problems from because from an industry standpoint, we're motivated by revenue. We have shareholders we're beholden to and so forth. Where I always try to explain because I think to your point, I hear these things a lot of times too and how kind of people talk about the government and so forth. I'm like, you realize that that is where a lot of this starts. A lot of the pure research, because it is not often in industry's best interest to spend a lot of money, a lot of resources on pure research for the sake of research.

Ann Dunkin:

Right.

Willie Hicks:

The things that you're doing at Energy, the things like, I'm so fascinated with the National Ignition Facilities and things like that. Why are you doing that? It is for the future. You're looking at investment 20, 30 years down the road. Industry is not going to invest that kind of money for something that might not bear fruit for 40 years.

Ann Dunkin:

That is correct. Yeah, exactly. But the reason industry goes fast is what you just said. They got to make money at the end of the day.

Willie Hicks:

Yeah, exactly.

Ann Dunkin:

So that drives to a solution, that drives to solving a problem. And that's good too. Right. So you need the people who have that really long game and you need the people who are looking for tomorrow. When I worked at HP, we had HP Labs. Right. They did whatever the heck they wanted to, basic research, applied research, occasionally a product would pop out of there, but we had the luxury of basically operating kind of like a national lab. Not a lot of countries, companies, excuse me, have that luxury anymore. And so you need DOE, you need NASA, you need NIH, all these things in the government if you want to advance science. And if you want to compete, keep us globally competitive, that's where it's coming from so.

Willie Hicks:

And that's why we've got to work together. That's really what comes down to it.

Carolyn Ford:

Well, and it's so interesting, Ann to hear you say that DOE is an industry government partnership. That's the model.

Ann Dunkin:

Right.

Carolyn Ford:

And it's not us and them, which often, like you just said that, and I'm like, yeah, we do. We say that a lot. We think of it a lot as the government is them, and then here we are as us, and your model at DOE is we're a global community.

Ann Dunkin:

Right.

Carolyn Ford:

We're all in this together so.

Ann Dunkin:

Very much so. Yes.

Carolyn Ford:

Well, time has beaten us. So as usual, I would like to ask you just one quick fun question. What's the last thing that you listened to, read or watched just for fun? I mean, do you even have time to do that?

Ann Dunkin:

Well, yeah. So I do because there's a couple things. One is I listen to podcasts whenever, people come to my office, they're like your on the phone, I'm like, no, I just got a podcast going in the background. I know well enough to know I'm not truly multitasking, so I don't catch it all. But if I'm in the car or whatever, I hear the whole thing. And then when I'm working out, I watch TV. So I am in the middle of watching the Hungarian Grand Prix. I'm on lap 40 something out of 70. So tonight I'll get to see who won. Unfortunately, I think I probably know, but that's another story. Darn Max for stopping...anyway. But well, I like competition and he's sort of been winning all the races this year. I like it to be a little more mixed up.

And then I was just listening to actually a good friend of mine on a podcast. He's the director of the National Postal Museum. I just finished listening to the episode earlier today where Elliot was talking about a museum on a podcast. And so I was just listening to that and I just sent a note to Elliot saying, what a great job I thought you did on the podcast. So yeah, every minute it sort of drives people crazy, because every minute I'm trying to do something because there's not enough hours in the day. People are like, so do you actually sit and do nothing? I'm like, no, I never do. There's too much to do.

Carolyn Ford:

Yeah, that's what I assumed. But Hungarian Grand Prix?

Ann Dunkin:

Yeah. Yes. Formula One. Formula One, yes.

Carolyn Ford:

All right, Formula One. All right. Well thank you so much for taking time to talk to us. Thank you to our audience for tuning in. Smash that like button, share this episode and we'll talk to you next time on Tech Transforms. Thanks so much, Ann.

Ann Dunkin:

Thank you.

Carolyn Ford:

Thanks for joining Tech Transforms sponsored by Dynatrace. For more Tech Transforms, follow us on LinkedIn, Twitter and Instagram.

About the Podcast

Show artwork for Tech Transforms
Tech Transforms
Tech Transforms talks to some of the most prominent influencers shaping government technology.

About your hosts

Profile picture for Carolyn Ford

Carolyn Ford

Carolyn Ford is a passionate leader, doer, adventurer, guided by her father's philosophy: "leave everything and everyone better than you found them."
She brings over two decades of marketing experience to the intersection of technology, innovation, humanity, and the public good.
Profile picture for Carolyn Ford

Carolyn Ford

Carolyn Ford is passionate about connecting with people to learn how the power of technology is impacting their lives and how they are using technology to shape the world. She has worked in high tech and federal-focused cybersecurity for more than 15 years. Prior to co-hosting Tech Transforms, Carolyn launched and hosted the award-winning podcast "To The Point Cybersecurity".