The Perils Of JEDI: A Single Cloud Provider For The Pentagon And CIA Could Spell Disa
 

The Perils Of JEDI: A Single Cloud Provider For The Pentagon And CIA Could Spell Disaster
By: Dave Deptula Aerospace & Defense / 2-27-19
RE: https://www.forbes.com/sites/davedep.../#5fd766f86477

JEDI Cloud Approach Key To U.S. Security(ZAUR EYLANBEKOV)


JEDI is not only a reference to an order of wise warriors in Star Wars movies, it's an acronym that stands for the Joint Enterprise Defense Infrastructure, an effort by the Pentagon to unify its information-sharing infrastructure. Later this year a company will be awarded a multibillion-dollar contract to manage a cloud system that will instantly become the number one target for hackers and attackers around the world—including adversaries like China, Iran and Russia.

JEDI is an attempt to modernize the entire spectrum of Department of Defense information technology systems into a cloud services solution. It will affect every defense agency and all branches of the military services. Beyond IT, JEDI will set the stage for a new era of modern warfare. Accordingly, the Pentagon cannot afford to get the JEDI IT modernization implementations wrong as our national security and the safety of our troops in the field depends on access to modern computing. The Pentagon’s mission is to manage the infrastructure that provides guidance, equipment, and maintenance of our Armed Forces: 2.15 million strong, operating to defend America and its interests in over 160 countries around the world.

Because of the size and importance of the JEDI contract, most of the leading cloud services companies such as Amazon.com, IBM, Microsoft (for whom I do consulting) and Oracle bid on the contract. Google announced that it will not participate due to conflicts with its “AI Principles.” Other controversies have also surfaced. Both IBM and Oracle issued protests to the GAO over the JEDI competition but they were overturned late in 2018. Oracle has filed a new complaint against the government in the Court of Federal Claims regarding the JEDI contracting process.

Whichever side prevails in court, there remain important questions DOD must carefully consider in selecting the winning cloud provider for JEDI. If Amazon wins, there would be a single cloud provider for both the DOD and the U.S. intelligence community since Amazon already manages the Central Intelligence Agency (CIA) cloud, known as C2S. If hackers and attackers can unlock the keys to one, they get both because the United States’ national security data assets would be stored in one company’s safe—making it the motherlode of a target. In the meantime, China is doing the opposite by using its three main cloud providers.

The military is required to be a worst-case planner and take extreme measures to mitigate cyber and supply chain risks. In my multiple experiences in war planning and execution of joint combat operations, we optimized our plans to reduce operational risks to the extent feasible. In the context of JEDI, regardless of whether or not it will ultimately be awarded to a single contractor, a consideration is the risk assumed by having both the DOD and CIA clouds operated by the same provider.