Security, Resilience, and the Future of Mobile Infrastructure

What It Covers

Navy CTO Justin Finelli and Cape CEO John Doyle discuss how China's Salt Typhoon operation fully compromised every major US cellular carrier, how Cape built a secure mobile network that operates on top of hostile physical infrastructure, and how the Navy is accelerating commercial technology adoption through structured pilots and defined success metrics.

Key Questions Answered

• •Clean-install security architecture: Rather than auditing compromised telecom infrastructure for embedded threats — a process with no clear endpoint — Cape's approach assumes all physical infrastructure is hostile and builds encrypted traversal on top of it. This "clean install" model was validated on Guam before Salt Typhoon became public, and now underpins military exercises in Japan with Rakuten.
• •Lawful intercept vulnerability: Every US telecom outsources wiretap compliance (required under CALEA) to a small number of third-party vendors. Cape's SRE team discovered one top vendor shipped an installer containing an unencrypted text file with usernames and passwords for every client — exposing the exact attack vector China exploited in Salt Typhoon three months later.
• •World Class Alignment Metrics (WAMs): Before executing any government pilot, Cape and the Navy iterated extensively on specific, measurable success criteria. This upfront alignment — not contract size or timeline — was the mechanism that allowed the Guam pilot to finish ahead of schedule, under budget, and produce an unclassified, shareable 50-page third-party technical evaluation usable across services and with investors.
• •Wildcat pilot scaling: The Navy's CTO office shifted from two pilots per year to a target of 25 by forcing program managers and contracting officers through a boot camp on commercial acquisition. The key lever was running side-by-side comparisons (A/B pilots) so that when a crisis like Salt Typhoon emerged, validated technology was already staged and ready to scale rather than starting from zero.
• •Defense startup entry strategy: Founders without a specific idea should physically go where military personnel work — ships in San Diego or Norfolk, hackathons, structured challenges now codified in the Defense Authorization Act — and rank problems by pain severity. The Navy prioritizes solutions that replace five legacy systems with one, actively seeking vendors who will decommission old systems as a condition of adoption.