Back to news

May 6, 2020 | International, C4ISR, Security

EXCLUSIVE: DoD CIO Makes Case For Sticking With JEDI

No current cloud, commercial or military, lets frontline troops access both classified and unclassified data from all over the world, Dana Deasy told Breaking Defense. That makes JEDI unique – and too complex to split up among multiple contractors.

By

WASHINGTON: A lot of people – even experts – don't get what the JEDI cloud computing program is really about, Dana Deasy told me. And that, the Defense Department's Chief Information Officer admitted, is partly the Pentagon's own fault he told me during a half-hour interview.

So, this morning, after Breaking Defense published the latest of several stories on JEDI's legal and political troubles and the mounting criticism of the program, Deasy agreed to an interview to explain just why he thinks the worldwide military cloud is still essential – and too complexly integrated to split chunks off to different contractors.

There are three fundamental misunderstandings about JEDI that the Pentagon needs to dispel, Deasy told me:

  • First, people think JEDI is meant to be the one cloud to rule them all. It's not. While JEDI will be the default option for “general purpose” cloud computing across the entire Department of Defense, it will not replace hundreds of existing cloud contracts across the DoD not prevent the creation of new “fit for purpose” clouds tailored to specific missions.

“We definitely had created the wrong perception. People believed that we were going to take all of our clouds, get rid of them, and migrate everything over to JEDI,” Deasy told me. “That was clearly never the intent.”

  • Second, people think JEDI is a 10-year, $10 billion contract. It's not – not necessarily. While that's the maximum value and duration of the contract, the Pentagon has the option to terminate it after two years. There's another end-it-or-extend-it decision three years later, and a third three years after that. The minimum the winning contractor is guaranteed to get? Just $1 million over two years.

DoD graphic

The Defense Department's strategy to transition to cloud computing.

“When I came on board, one thing I did was restructure the terms,” Deasy told me. “I've been working with clouds since clouds were first brought to the commercial industry marketplace, and about every two to three years, you see really big changes. I'm talking about significant enough changes where you just want to step back and look at the marketplace. That's why we changed the terms of the contract.”

  • Third, people think JEDI is just another cloud. It's not. While existing military and even civilian clouds can do some of what JEDI is meant to do, none of them can do all of it. None of them can pull unclassified, secret, and top secret data, from the Pentagon, bases around the world, and forward outposts, and put it all together in a way that even troops in combat can access.
  • “Go out to the tactical edge, sit down with the warfighter, and look at how we push information out to someone who's literally outside of the village on the side of a mountain,” Deasy told me. “I spent some time in Afghanistan last year, and you look at what it takes for them to prepare for a mission, to execute a mission. They are pulling data from a variety of sources, some unclassified, some classified.”

But doing that today is damnably hard. It takes a lot of awkward workarounds to bridge the gaps between different and frequently incompatible networks, and you can't bring the kludged-together solution with you into combat. That's why one of JEDI's first priorities is building backpack-sized mini-servers.

“To actually combine that data and physically get the information out to the warfighter in a form factor that they could use when they're out in the field, it just doesn't exist today. And no — you cannot pull that off the shelf,” Deasy said. “That is a unique capability that we have to build.”

“We have to find a partner to help us do that, and that is what we've been looking to do with JEDI,” he told me. He really means a partner, one contractor, not many, because the task of building this highly complex, tightly integrated system is not something you can split up, the way you would an order for bulk commodities like potatoes, jet fuel, or even online storage.

Why not? Let's let Deasy explain it in his own words (edited for clarity and brevity).

Q: There's been a lot of excitement over JEDI since the program began in 2018, and a lot of frustration over the delays. How would you respond to the critics who say it's time to give up, or even that it was the wrong approach all along?

A: At the time I joined [the Defense Department], which was actually two years ago this week, the first thing that Deputy Shanahan turned over to me was JEDI. The first thing he asked me to do was to go back and take a hard look at was, was this the right thing we were doing for the Department of Defense, were we going about it the right way.

Was it the right thing? Yes. Were we going about the right way? Well, I'd say, mixed results.

[Now] there's this whole conversation: “Should the DoD give up? Should the DoD start over? Should the DoD go and do something else?” I've spent a lot of time contemplating a bunch of different scenarios, and no matter what scenario I look at, you still have to solve the problem for the warfighter. We need to take data all the way out to the tactical edge, across multiple classification levels.

And even if I wanted to stop JEDI today, there is no solution that is available already inside the Department of Defense to do that. I'd have to turn right around, go back out to the market, start an RFP once again to solve for that particular problem.

This is why we stay the course.

We're not staying the course because we're just being defiant or stubborn. We're staying the course because it's the shortest way to get from point A to point B, because if we don't stay this course, we will still have to go back and solve this particular warfighting need. And that is why I believe staying with JEDI and moving forward is the right solution.

It's very easy for critics to say, “hey, there's a bunch of clouds already inside of the Department of Defense, why don't you just go use one of those?” Or “why don't you just split this up and give this to a bunch of different suppliers?”

Yes, of course, JEDI can do commodity cloud capabilities, and so do a lot of our other clouds across the Department of Defense. The whole world of commodity cloud has gotten better and better. But it doesn't solve for our classification levels. It doesn't solve for the tactical edge today.

If you look at the heart of that RFP [the 2018 Request For Proposals] and you really sort through all the requirements, what makes JEDI still unique today, that cannot be satisfied by other cloud environments, is the fact that it was solving for both OCONUS [Outside the Continental United States] and CONUS; it's moving data across multiple classification levels; and it was looking to create a commercial solution that would give us far better terms, conditions, and pricing than we'd ever seen inside the Department of Defense.

When we looked across the landscape of all the cloud environments we had, there was not a single cloud environment that we had that could do all those things, nor was there one being contemplated inside the Department of Defense.

We've got the Army that is now looking to consolidate their clouds, we have the Air Force has their cloudOne platform, Navy has stood up a special purpose cloud with their SAP HANA to consolidate their various SAP environments. All of those things fit exactly what we were trying to achieve in the cloud strategy document at the end of 2018.

However, if you look at all those cloud environments and other ones that are stood up across Department of Defense, none of those, still, can do CONUS and OCONUS, none of them is solving for the tactical edge, and none of them is solving for multiple classification levels.

[Before the stop-work order], we had dozens of projects across combatant commands and the services wanting to be the first to standup in the new JEDI cloud, because of two fundamental things: It offered capabilities that their clouds didn't offer and it offered it at a way better price.

At the end of the day, the most competitive way of looking at market forces is, where are the services going to? And they were clearly going towards JEDI because of what it offered in terms of technology and what it offered in terms of price.

One of the criteria that we really wanted out of JEDI was to get to the best commercial terms and conditions. And I can tell you after we were done with that award, we clearly in that award had better terms, better pricing than we had in any cloud across the Department.

Q: But you took a long time assessing which competitors could meet your technical requirements, finally choosing Microsoft. Given the delays, and given how fast IT changes, is that assessment now obsolete?

A: We did not take this final decision on the selection of our vendor until towards the back half of last year. Yes, we started this in 2018, but the offerings that we were looking at were being updated and refreshed throughout the entire RFP process until the point that they submitted their final submissions.

Our [implementation] schedule is actually going to be in phases. First, we're going to roll out unclassified, then we're going to roll out the secret, and then we're going to roll out the top secret. And those solutions were going to be designed and built as we went through this process. One of the reasons we did that was because we did recognize that technology would change.

We set it up in a way that we absolutely can stay fresh with technology as it changes, because we have these option periods [at two years, five years, and eight years] to go back and look at whoever our provider is and to decide whether or not they're staying current.

If we saw that a vendor was starting to lose its competitiveness either on pricing, on speed of delivery, or on technology, you make it clear that if they were to continue down the path they're going, there's not going to be a renewal.

The best evidence you get is just how are they delivering every day? Is it working, is it up and running? Do they really give you a tactical edge? Do they really give you multiple classifications? Are the warfighters benefiting from it?

Q: But why is having a single contractor you can opt out of at set times better than having multiple vendors competing all the time for work orders under an Indefinite Delivery, Indefinite Quanity contract?

A: It's a fair question. And if what we were providing the Department of Defense was pure commodity cloud, a platform for storing and compute and building applications in a standard way that we see industry doing it today, IDIQ would be a perfect way to go.

But that's not what we're doing here. That's what gets lost in this whole conversation. This is not your typical, basic, commodity cloud offering where you can put it out to three or four vendors and let the service pick every day who they want.

Let's go back to what the requirements are. We are trying to build a cloud that can handle CONUS, OCONUS, unclassified, secret, top secret, traverse the data between those environments, and create hardware solutions at forward bases and to the tactical edge.

Imagine for a second that I now wanted to have three or four vendors to do that. Think of the complexity it would take to build cross domain solutions for unclassified, top secret and secret, OCONUS, CONUS, forward bases, tactical edge devices, all the way out to the guys on the side of the mountain.

Especially when you think about trying to move forward with this Joint All-Domain Command & Control, where the fight of the future is going to be multiple services and combatant commands having to work together and share data. That becomes almost untenable if you set it up as an IDIQ with multiple vendors. I mean, how would you ever build that to work all the way to the tactical edge?

To move data from unclassified to secret to top secret, it's extremely complicated. It's not like you go buy this off the shelf. This is a very bespoke, tailored solution that has to be built.

There is an actual hardware element of this, of creating the hardened devices that need to be put into the hands of a warfighter out there on a mission and that's what we don't have today. You have to find a vendor that can help you build those hardened devices out on the tactical edge.

If we're doing IDIQs and every time we have a new warfighter need, we now are going to go out for three or four vendors, we're going to put that out, they're going to come back and bid, they're going to give a solution and then we have to go back and now re-integrate that solution. That gets be very hard and very complicated and very time consuming.

You have to FEDRAMP all of them, you have to test all of them, you got to run them through certification. We have to put NSA red teams onto them, we have to put US Cyber Command to oversee each of those environments. Is that in the taxpayer's best interest? Does that sound like to you the lowest cost, most efficient solution for the DoD and the warfighter?

There's going to be a lot of business across the Department of Defense where IDIQs are going to be perfect and we'll have lots of cloud providers that will flourish. But JEDI is a unique environment where having a partner to help us build this out is the smartest way to go.

Throughout this entire process one thing has stayed constant: You have to find a way of putting a warfighter cloud capability into the hands of our men and women out on the tactical edge every day. And I've always looked at my responsibilities as CIO is to not to satisfy the cloud industry, but to satisfy what the warfighter needs. We have a unique war-fighting need that you just can't go get off of the shelf today.

https://breakingdefense.com/2020/05/exclusive-dods-cio-makes-case-for-sticking-with-jedi

On the same subject

  • COVID Disrupts Network Tests – But Army Presses On

    May 12, 2020 | International, Land, C4ISR

    COVID Disrupts Network Tests – But Army Presses On

    The Army pushed hard to field-test new tech with real soldiers. Then came the coronavirus. Now the service will have to rely much more on lab testing. By SYDNEY J. FREEDBERG JR.on May 11, 2020 at 5:11 PM WASHINGTON: The Army is taking a calculated risk to field much-needed network upgrades known as Capability Set 21 on time next year. To do that, the service needs to start buying radios, computers, satellite terminals, and much more in bulk this year so it can start fielding them to four combat infantry brigades in early 2021. Many Army weapons programs are staying on schedule because they're still doing digital design work and long-term R&D, much of which can be done online. But Capability Set 21 is so far along that much of its technology was already in field tests with real soldiers — testing that has been badly disrupted by precautions against the COVID-19 pandemic. As a result, said Maj. Gen. David Bassett, Program Executive Officer for Command, Control, & Communications – Tactical (PEO-C3T), the Army may have to rely on more testing data from the lab to make up for limited testing in the field. “As soon as we possibly can, we're going to get this back in the hands of soldiers,” Basset told the C4ISRNet online conference last week. “In the meantime, we know an awful lot from the lab-based risk reduction that we've done.” “The risk,” he said, “is pretty manageable.” Risk & Return The field tests done before the pandemic, combined with extensive lab tests, should be enough to prove the technology will work, Bassett said. In fact, the Army already largely decided what technologies to buy for the upgrade package known as Capability Set 21, he said. What it still wanted soldiers to figure out in field tests, he said, was how they would use it in the field. That feedback from those “soldier touchpoints” would help both fine-tune the tech itself and figure out exactly how much to buy of each item – say, single-channel radios versus multi-channel ones — for each unit. Going ahead without all the planned field-testing means the Army will have to make more fixes after the equipment is already fielded, a more laborious, time-consuming, and costly process than fixing it in prototype before going into mass production. It may also mean the Army initially buys more of some kit than its units actually need and less than needed of other items. But CS 21 is a rolling roll-out of new tech to four brigades a year, not a once-and-done big bang, Bassett explained. So if they buy too much X and too little Y for the first brigade or two, he said, they can adjust the amounts in the next buy and redistribute gear among the units as needed. It's important to make clear that the Army's new technologies have already gone through much more hands-on field testing from actual soldiers than any traditional program, and have improved as a result. In the most dramatic example — not from CS 21 itself but a closely related system — blunt feedback from soldiers and quick fixes by engineers led to major improvements in prototype IVAS augmented reality goggles, a militarized Microsoft HoloLens that can now show soldiers everything from live drone feeds to a cross-hairs for targeting their rifle. Doing such “soldier touchpoints” early and often throughout the development process is central to the 20-year-month Army Futures Command's attempt to fix the service's notoriously disfunctional acquisition system. But to stem the spread of the COVID-19 coronavirus, the Army – like businesses, schools, and churches around the world – has dramatically cut down on routine activities. “Units are either not training, or they're training with significant control measures put in place – social distancing, protective equipment, and things like that,” said Maj. Gen. Peter Gallagher, head of the Network Cross Functional Team at Army Futures Command. That's disrupted the “access to soldiers and the feedback loop that's been so critical to our efforts.” Nevertheless, the Army feels it has enough data to move ahead. It may also assess that the risk of moving ahead – even it requires some inefficient fixes later – is lower than the risk of leaving combat units with their existing network tech, which is less capable, less secure against hacking and less resilient against physical or electronic attack. 2021 And Beyond Capability Set 21 focuses on the Army's light infantry brigades, which don't have many vehicles to carry heavy-duty equipment, as well as rapidly deployable communications units called Expeditionary Signal Battalions. It includes a significant increase in the number of ground terminals for satellite communications, the generals said, though not quite as many as they'd hoped to be able to afford. It'll be followed by Capability Set 23, focused on medium and heavy mechanized units riding in 20-plus ton 8×8 Strykers and 40-plus-ton tracked vehicles. While units with lots of vehicles can carry much more gear, they also cover much larger distances in a day. That means CS 23 will include much more long-range communications through satellites in Low and Medium Earth Orbit, “which give us significantly more bandwidth at lower latency,” Gallagher said. “In some cases, it's almost having fiber optic cable through a space-based satellite link.” Even with CS 21 still in final testing, the Army's already gotten started on CS 23. It's reviewed over 140 white paper proposals submitted by interested companies in January, held “shark tank” pitch sessions with the most promising prospects in March, and is now negotiating with vendors. An Army slide summing up the systems being issued as part of the Integrated Tactical Network. Note the mix of Commercial Off The Shelf (COTS) and military-unique Program Of Record (POR) technologies. There has been some impact from COVID,” Gallagher said, “[but] we will have all the contracts probably let no later than July.” The chosen technologies will go into prototype testing next year, with a Preliminary Design Review of the whole Capability Set in April and a Critical Design Review in April 2022. Further Capability Set upgrades are planned for every two years indefinitely, each focusing on different key technologies and different parts of the Army. Meanwhile, Bassett's PEO shop is urgently pushing out more of its existing network tech to regular, Reserve, and National Guard troops deployed nationwide to help combat COVID-19, Bassett said. That includes everything from satellite communications links to military software on an Android phone, known as the Android Tactical Assault Kit (ATAK). Originally developed to help troops navigate and coordinate on battlefields, ATAK is now being upgraded to provide public health data like rapid updates on coronavirus cases. “Any soldier that was responding to this COVID crisis that needed network equipment, we wanted them to have a one-stop shop,” Bassett told the conference. “They would come to us and we'd go get it for them.” https://breakingdefense.com/2020/05/covid-disrupts-network-tests-but-army-presses-on

  • Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

    July 25, 2024 | International, C4ISR, Security

    Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

    Tenable discloses a vulnerability in Google Cloud Functions, allowing unauthorized access to sensitive data and services

  • Inside The UK’s Integrated Defense Review  | Aviation Week Network

    March 24, 2021 | International, Aerospace, Naval, Land, C4ISR, Security

    Inside The UK’s Integrated Defense Review | Aviation Week Network

    The UK military is aligning its focus to platforms that will serve it well in the Pacific, and this is a quick look at how the nation’s plans for aerospace programs are changing.

All news