The bids are in for the Pentagon’s latest major contract to provide the U.S. defense establishment with cloud services. The Joint Enterprise Defense Infrastructure (JEDI) program is part of the effort by the Department of Defense (DoD) to bring its information technology (IT) infrastructure and acquisition practices into the 21st Century. This new contract will help the Department access the latest in commercial security technologies, support the rapid development of new applications and capabilities, move in the direction of software as a service and leverage commercial cloud service to transform the way data is acquired, manipulated and disseminated.
Most important, JEDI reflects the military’s recognition that information is now the most important weapon in warfare. The Pentagon intends this new contract to be its first major step in creating a secure and robust computing and data storage environment that provides not only headquarters and operational commanders with relevant information but extends this capability down to the warfighters at the tactical edge with actionable, even real-time, intelligence.
In a speech to an IT industry meeting, then Air Force Brigadier General David Krumm, the Joint Staff’s deputy director for requirements, explained the challenge confronting the military with respect to moving to the cloud. “We need to take your commercial solutions and we need to integrate them into the military. We need to put them on a global scale in both the unclassified and classified environment. That information has to be available to the warfare on the tactical edge, not just the headquarters.”
Since DoD first announced that it intended to release a request for proposals (RFP) for JEDI, it has been the subject not just of criticism but of misinformation and mischaracterization. For example, a recent article in Wired suggested that there was something amiss with the JEDI effort because there had been pre-bid complaints by some potential bidders, changing deadlines and even the very public withdrawal from competition by one potential competitor, Google. This article went on to cite another publication, Vanity Fair, to the effect that the massive (nearly 1,400 page) RFP has so many restrictions and requirements that it skews the competition in favor of a handful of competitors.
What these commentaries demonstrate is not a problem with the JEDI procurement but rather the authors’ profound ignorance of the way DoD conducts such competitions. Anyone familiar with the world of government contracting, not just at DoD but with any federal department or agency, knows there is nothing unusual about pre-bid complaints, changing deadlines, companies entering and leaving the field and even post-award protests. All of these are pretty standard stuff.
Nor is there something sinister about the Pentagon publishing a long RFP with lots of conditions and requirements. The excruciating length and complexity of most RFPs is a function of the often onerous requirements imposed by acquisition regulations. While this may exclude some commercial companies, the fault lies not with the JEDI RFP nor the Pentagon, but with a Congress that has passed a myriad of laws that force those contracting with DoD to jump through an endless set of hoops. Nor should it surprise anyone that in an era of massive cyber attacks targeting not only DoD networks, but those of private companies working for the government, that a contract for cloud services would have extensive security requirements. Again, pretty much standard stuff.
One criticism that continues to pester the JEDI procurement is that it is a single, winner-take-all contract with a fixed duration of ten years. Recently, IBM, which nonetheless submitted a bid for JEDI, added its voice to that of Oracle when it filed a protest on this specific issue. The heart of IBM’s argument is that DoD should mimic the practices of private sector cloud users and acquire multiple clouds.
This criticism both mischaracterizes the JEDI RFP and does a profound disservice to DoD’s strategy for migrating to the cloud. The fact is that JEDI is not the first, longest or necessarily even the largest cloud computing contract awarded by DoD or one of the military services. The Pentagon already has multiple clouds; some, like MilCloud, are based on long-term, single source contracts.
The duration of the contract is not actually ten years. It is divided into increments. DoD has the right to terminate the winning contractor at the end of two years. As part of their proposal, each offeror had to submit a detailed transition plan in the event their contract was not extended. The $10 billion total value of the contract is a maximum figure that would only be reached if JEDI were wildly successful and used by virtually every DoD component. Finally, nothing in the JEDI RFP precludes the Department from contracting with other companies over the next ten years.
But more importantly, the critics mischaracterize the challenges involved in moving the Department to the cloud. DoD is unlike any commercial company or even part of the federal government. It is the largest single operating entity in the world. It is also, arguably, the most complex. It will never be able to respond to the organizational, operational and cultural changes that cloud computing will require with the speed and ability of a private sector company. Imposing the requirement to contract with multiple providers on the already difficult challenge the Pentagon will face with cloud migration is just asking for trouble.
Tim Van Name, deputy director of the Defense Digital Service, provided a compelling rationale for the Pentagon’s decision to begin its migration to a military cloud by awarding the JEDI contract to a single team.
“The department is framing the solicitation in a way to best meet the department’s requirements. The lack of standardization and interoperability today creates pretty significant barriers to accessing our data where and when it is needed, especially at the tactical edge on the battlefield. The decentralized management and our inability to automate provisioning and configuration overburdens our teams. And we believe that multiple award cloud[s] would exponentially increase the overall complexity.”
The risk of getting JEDI wrong must be measured not in lost business but in terms of the potential for lost battles and, more significantly, lost lives. Allowing DoD to move to the cloud in a step-by-step fashion, initially with a single contractor, makes the most sense when it comes to the Nation’s security.
Find Archived Articles: