A lot has been written about the Pentagon's plan to move its computing operations onto the cloud. The contract to do the work is said to be worth $1 billion in just the first year to the firm that wins the bid, and billions more after that. The contract is sole source - meaning one company would be responsible for designing and maintaining the contracted services for at least a decade and probably in virtual perpetuity - so it's no surprise rumors about the bid being rigged are flying around. There's a lot at stake for the winners and the losers.
The Pentagon is looking for a company that can service 3.4 million users and 4 million devices. That's a big job, but not so big that any of the companies that currently make the internet work can't handle it. But there's more to it than that. At the recent Reagan Defense Forum, Under Secretary of Defense for Acquisition, Technology, and Logistics Ellen Lord said, "We are, no kidding, right now writing the contract to get everything moved to one cloud."
It's not clear if she meant that as a joke or as a statement of disbelief, but if she meant the latter, she's right. It hasn't really been determined, outside the Pentagon anyway, whether giving the work to one company - and only one company - is really the best way to go. Maybe the Defense Department shouldn't be putting all its cloud computing eggs in a single cyber basket, since doing so could put America's national security in jeopardy.
Matt Stoller, an economist at the Open Markets Institute and critic of Amazon (the company said to be the favorite of the Obama holdovers inside the Defense Department overseeing the cloud computing contract) believes letting the contract be a sole source proposition could have wide-ranging negative effects.
"This is a monopoly story, but this is a really serious national security story," Stoller told The Hill. "A single-source provider for Pentagon cloud services is obviously reckless. The Pentagon should clearly have multiple cloud providers so that if something happens to one of them there is resiliency and redundancy."
He's right, but he's only scratched the surface. Performance criteria, security requirements, and respect for the taxpayer dollars funding all this activity all lean in favor of the multi-cloud approach which, some policymakers inside DoD seemed to have missed, is how things operate in the real world.
For example, as a matter of security DoD personnel records and tactical command-and-control communications and Pentagon web pages providing information to the public don't all need to be on the same cloud. The argument it's more efficient (and thus less costly) to have it all in the same space is dubious and secondary to security concerns. Technologies can be put in place that limit individual access to specific classes of information, but an individual intent on espionage or sabotage can more easily wreck the system or steal critical information from it if everything is on one cloud.
The Pentagon reportedly tried to rush the contract through to completion before anyone took notice. In that, obviously, they've failed. Now that at least part of the discussion is out in the open, Congress and Defense Secretary James Mattis should both step in and apply the brakes - and not because the process has been tainted by allegations of cronyism made in full page ads running in major metropolitan newspapers.
It would be a mistake for the Pentagon to go forward with its plan as currently formulated, no matter which company gets the work. The job needs to be broken up, not because the corporate types attacking the supposed frontrunner need their own chance to get a space at the trough but because the nation's cybersecurity demands it.
A single cloud, like all the warships anchored at Pearl Harbor's Battleship Row in December 1941, makes for too tempting a target.