You are currently viewing Ensuring Security Within the DoD: The Clouds War

Ensuring Security Within the DoD: The Clouds War

The Pentagon is committed to securing new competitiveness in all emerging sectors. Technological advances will be the basis for the US Department of Defense’s optimization through the use of both new IT systems, such as Cloud Enterprise, and combat resources, such as C3 networks. 

Photo: https://www.fedscoop.com

On July 15th, the US Department of Defense (DoD) published the “Digital Modernization Strategy”, a new phase in the technological revolution that the Pentagon is conducting. The new Programmatic Document indicates the different phases of the digital transformation necessary for the construction of a “cloud” accessible at a global level, which contains both high-ranking military data, and IT services that the DoD intends to purchase for the entire structure (instead of leaving, as currently, each service the autonomy of choice).

In the US national security doctrine, the current Document is three levels under the National Security Strategy: it represents, in fact, an operational document of the DoD Cyber Strategy (Level III) and an address document for three Level 5 documents (Cyber Risk Strategy, Artificial Intelligence Strategy and Cloud Strategy). The Document represents the strategic vision of the CIO (Chief Information Officer) of the DoD, Dana Deasy, to create “a more secure, coordinated, transparent and effective IT architecture that transforms the available data into usable information and ensures a reliable execution of the missions to facing a persistent cyber threat.” This vision is guided by four priority documents and framed in four organizational objectives.

Photo: https://www.csoonline.com

The four priority areas indicated in the Strategy as beneficiaries of the new approach to the digital age are: Data Cloud, involving the entire Pentagon structure; Artificial intelligence; C3 (Command, Control and Communications); Cybersecurity.

 The use of cloud computing has the priority objective of protecting and handling the wealth of the DoD’s data as a strategic asset for national security, a definition introduced (for all federal agencies) with the Executive Order (“American AI Initiative: on Maintaining American Leadership in Artificial Intelligence) of February 2019. During the same month, the Pentagon also published the reference document of its Cloud Strategy related to the phases and procedures of migration of its calculation and archiving functions towards a single cloud. Joint Enterprise Defense Information (JEDI) is the reference name of the so-called “War Cloud” and so far, has been a subject that has had little technical impact and has become stuck in a bureaucratic impasse. There has been strong criticism from Congress and industry against the Pentagon’s decision to create a single cloud managed by a single company which would receive the 10-billion-dollar contract. Google said it was out of the race in October 2018, and IBM and Oracle dropped out last April. Eventually, a federal court rejected Oracle’s appeal against the DoD (and Amazon Web Services as an interested third party) allowing the Pentagon to resume the tender procedures after more than eight months delay. Now, it’s a head-to-head match between Amazon and Microsoft. The Amazon Web Services cloud platform is, however, the market leader and the assignment of the contract to Amazon – in the current conditions – seems nearly certain. 

Photo: https://www.army.mil

Despite the large amount of media coverage that JEDI has received during the past year, a new product is said to cover a much more important technical role within the new strategy. Indeed, a consortium of companies led by General Dynamics, which includes Dell and Minburn Technology and provides solutions based on the Microsoft 365 platform, won the $ 7.6 billion contract to provide cloud-based office enterprise solutions to the Pentagon. The contract (Defense enterprise office solutions, or Deos) was awarded by the US General Services Administration, the American federal procurement body, and the US Defense Department, and has a ten-year term. Deos, the GSA website reads, includes a series of Microsoft productivity tools (document creation, email, collaboration, file sharing, storage) that will replace the Pentagon’s IT legacy office applications.

The idea is to have a uniform cloud-based solution for all the services of the Ministry of Defense and its various agencies, such as the Army and Marines. The Chief Information Officer of the Defense Department, Dana Deasy, stressed that the ministry’s strategy is multi-cloud and aims to ensure security and reduce costs for the federal administration.

Deos is a separate and stand-alone project compared to Jedi, the $10 Billion contract for the Pentagon’s cloud infrastructure. The contract is the subject of controversy between the companies competing to supply their products: IBM, Microsoft, Oracle and Dell have argued that the criteria of the public tender favour the assignment to Amazon. Eventually, only Microsoft remained. 

“DEOS takes advantage of technical, security and contractual lessons from these ongoing pilots, while military services are leveraging them to assess the readiness of their infrastructure to support migration to DEOS,” said Deasy. The contract has a five-year base period, with two two-year options and a one-year option following. The DoD used the General Services Administration IT Schedule 70, which is used for long-term contracts for GSA-approved technology, for the acquisition. “[DEOS] will bring cost savings and help DOD easily share mission-critical information across all military services while enhancing cybersecurity and reducing costs,” said GSA administrator Emily Murphy.

While it is too soon to give an evaluation of the newly awarded cloud system, the premises seem promising. 

Written by Agnese Gambuzzi, European Defence Researcher at Finabel – European Army Interoperability Centre.