The Drone War’s Real Problem – The Cipher Brief

OPINION — When Steve Blank and I sat down over coffee a decade ago and realized that the customer discovery process in Lean was identical to what I’d been doing with the Rapid Equipping Force in Afghanistan, neither of us imagined we’d still be making the same argument in 2026. But here we are.

The Department of War has just executed the most ambitious acquisition reform in 60 years. Portfolio Acquisition Executives have replaced PEOs. JCIDS is dead. The Warfighting Acquisition System rewards speed to delivery. These are real reforms, and they implement nearly every recommendation the defense innovation community has made for the last decade.

And they are about to repeat the most expensive mistake of the post-9/11 wars.

Here’s why.

The Counter-Drone Fight Is Not a Technology Problem

Everyone in Washington is talking about the counter-UAS challenge as though it’s an engineering puzzle. Build a better jammer. Field a cheaper interceptor. Develop AI-enabled target recognition. The technology shelf is full: directed-energy weapons at $12 per shot, drone-on-drone interceptors with over 1,000 kills in Ukraine at $14,500 each, electronic warfare systems that can defeat commercial flight controllers.

The technology works. The process for getting it to the warfighter does not.

A new drone variant appears on the battlefield every week — built from commercial parts, open-source flight software, and components available on Amazon and Alibaba. A firmware update that defeats your jammer costs nothing and takes hours. Your counter to that update, through even the reformed acquisition system, takes months.

This is not a technology gap. This is a cycle-time gap.

And I’ve seen this exact gap before.

I Had This Problem. It Was Called the IED.

From 2010 to 2013, I led the Army’s Rapid Equipping Force during the height of the counter-IED campaign in Afghanistan. The structural parallels between that fight and the current counter-drone fight are not approximate. They are exact.

Both threats share five characteristics that make them resistant to conventional acquisition:

Cheap, dual-use components. IED parts were globally available commercial products. Drone components are identical — flight controllers, autopilot software, motors, all commercially sourced. A Shahed-pattern drone costs ~$20,000. An FPV kamikaze costs a few hundred dollars. We engage them with $400,000 Stingers.

Knowledge that proliferates faster than countermeasures. IED construction techniques spread through informal networks faster than JIEDDO could field counters. Drone designs spread even faster — through open-source repositories, commercial supply chains, and state-sponsored proliferation from Iran to the Houthis, Hezbollah, and Russia.

Modular adaptation at near-zero cost. Every time we fielded a jammer, the adversary swapped trigger mechanisms within weeks. Drones are modular the same way. New radio, new software, new flight profile — all outside any formal process. The adversary’s development cycle runs in days. Ours runs in years.

Tactical variation that defeats one-size-fits-all solutions. At the REF, we learned that the pressure-plate IED in Helmand Province was a fundamentally different problem from the explosively formed penetrator in Baghdad. Different triggers, different emplacement, different defeat mechanisms. The C-UAS threat has identical variation. A Houthi one-way attack drone flying 1,500 km is nothing like an FPV kamikaze at the platoon level, which is nothing like a Chinese autonomous swarm. Washington wants a consolidated solution. We made the same mistake with IEDs.

5. The institutional reflex to throw technology at a systems problem. We spent over $75 billion on counter-IED. We stood up JIEDDO. We lost that fight anyway. As War on the Rocks concluded last November: drones are “IEDs that fly now.” The failed counter-IED framework should not be replicated. But that is precisely what is happening.

The Real Problem: Nobody Owns the Front End or the Back End

Steve and I have spent the last decade teaching the same lesson: the quality of your solution is determined by the quality of the problem you choose to solve. Or as Einstein reportedly said, if given one hour to save the world, spend fifty-five minutes understanding the problem and five minutes on the solution.

The Pentagon’s C-UAS response addresses the last 5 minutes of the equation, not the first 55.

The Department has invested heavily in the develop and deploy phases. JIATF-401 was stood up last August to proliferate counter-drone capabilities. The Army runs biennial industry competitions. DIU scouts commercial technology. The PAE reform consolidates requirements, contracting, testing, and sustainment under a single portfolio leader. These are the middle phases of the innovation cycle, and they are getting real investment and real attention.

But nobody is doing the other four things:

Detect — Nobody is persistently monitoring how the drone threat evolves at the tactical edge. There are no forward-deployed problem discovery teams embedded with operational units, scanning for how the adversary adapted since last week. The REF & AWG had these teams. They no longer exist.

Define — Nobody is scoping the specific problem each unit faces with enough precision to drive useful solutions. A PAE leader at headquarters, no matter how empowered by the new reforms, cannot see the distinctions that matter without ground truth from the fight. Requirements still originate from within the institutional system — headquarters staffs, Service-level assessments — not from soldiers and Marines observing the problem in context.

Missing also is a Fusion Cell that collects the inputs from the operational force, industry and the labs and executes the discovery required to confirm we are working on actual problems (not symptoms) and the required speed to solve them.

Assess — Nobody is systematically measuring whether fielded C-UAS systems actually work against an adversary who adapts after every engagement. We field systems and declare victory. Without assessment, there is no feedback loop. Without a feedback loop that anticipates adaptation, you cannot out-cycle the adversary.

Distribute — Nobody is ensuring that what one unit learns reaches every other unit facing the same threat at operational speed much less delivers that same assessment to industry. The Asymmetric Warfare Group used to do this with forward deployed embeds, rolling assessments back into TRADOC schoolhouses. That function was absorbed by the Center for Army Lessons Learned, which operates at institutional tempo — months — not operational tempo.

Three of six phases of the innovation targeting cycle have no organizational owner. The reforms built a faster engine. Nobody built the steering.

The PAE Reforms Are Necessary but Insufficient

Let me be clear: the PAE restructuring is genuine progress. Consolidating authority under a single portfolio leader eliminates the handoff delays between requirements writers, program managers, and testers that killed tempo under the old PEO structure. The new Capability Trade Councils can make real-time tradeoffs. Killing JCIDS removes the most ossified layer. These are serious reforms.

But they widen the scope of who writes requirements without changing where the inputs come from.

At the REF, we didn’t just have streamlined requirements authority — though we had that. I could validate a requirement and commit funds on the spot. The REF’s real advantage was something else entirely: forward-deployed teams generating requirements from direct observation of the fight. Any soldier, from private to four-star, could submit a problem via a one-page 10-Liner. We aimed for 90-day solutions and sometimes delivered in 72 hours. We transitioned 170 programs into production and leveraged $150 million into ten times that through partnerships. Our Expeditionary Lab at Bagram fabricated prototypes in days.

That wasn’t just fast acquisition. That was problem curation at operational speed — sourcing problems from the field, validating them through direct observation, and converting them into actionable problem statements before committing resources to solutions.

The Army disbanded the REF and the Asymmetric Warfare Group in 2021. It has not replaced either. We eliminated our most effective problem-detection and solution-distribution capabilities just as the drone threat was accelerating.

What Needs to Happen: The Innovation Targeting Cycle

The solution is not recreating the REF or AWG. It is ensuring that all six phases of the innovation cycle have organizational owners, dedicated resources, and a shared operational tempo.

I call this the Innovation Targeting Cycle[1] [2] [3] , modeled on the F3EAD process — Find, Fix, Finish, Exploit, Analyze, Disseminate — that JSOC used to dismantle terrorist networks in Iraq. Gen. Stanley McChrystal’s Joint Special Operations task force went from one raid a month to ten raids a night not because it got better technology, but because it collapsed the cycle time between intelligence and action. Every raid generated the intelligence for the next one. Every completed cycle made the next cycle faster.

The same logic applies to innovation. Six phases — Detect, Define, Develop, Deploy, Assess, Distribute — run continuously by a fusion cell, each rotation generating the input for the next. A 70% solution fielded in weeks, assessed against operational reality, with findings distributed across the force and fed back into detection of the next problem.

The PAE reforms provide the authorities and organizational structures for Develop and Deploy. The Innovation Targeting Cycle provides the front end and back end that connect the warfighter’s reality to those authorities.

Each PAE needs four things the current reforms don’t provide

Forward-deployed Problem Discovery Teams — small, cross-functional teams embedded with operational units, sourcing and curating problems from direct observation. Not technology scouts. Problem scouts. These don’t need to be organic to the PAE.

Fusion Cells — that collect all the sensor data from the field, industry and labs and do the due diligence to ensure we are working on the right problems at the right tempo with the right expected outcomes.

Rapid operational assessment — built into the cycle, not conducted as a post-mortem months after fielding. Every deployment of a C-UAS capability should generate data: did it work? Did operators adopt it? Did the adversary adapt? That data feeds the next rotation.

Lateral distribution at operational speed — what one unit learns must reach every other unit facing the same threat before the next engagement, not the next rotation. Our institutional schoolhouses operate at institutional tempo. The drone threat operates at commercial tempo.

The Bottom Line

The Department has reformed how it acquires. It has not reformed what it acquires, whether it worked, or who else needs to know.

In the counter-drone fight, that gap is not academic. The adversary doesn’t need to out-technology us. He only needs to out-cycle us.

We proved with IEDs where that leads. $75 billion. Two decades. We lost.

The same fight is here again. The technology is better this time. The process failure is identical. You don’t beat an adaptive threat by building a better mousetrap. You beat it by running a faster, smarter cycle — one that starts with understanding the problem, not building the solution.

That’s the lesson of Lean. That’s the lesson of the REF. And if the Pentagon doesn’t learn it this time, the drones will teach it the hard way.

Pete Newell is the former director of the U.S. Army’s Rapid Equipping Force and CEO of BMNT. He co-created Hacking for Defense with Steve Blank and is the author of “The Innovation Targeting Cycle: Time-Sensitive Innovation Fires Inside the Continuous Innovation Cycle”

Not a Subscriber+Member? Let’s fix that and get you even deeper access to expert-level national security insights.