JEDI delay impacts classified cloud provisioning

When a federal court hit the brakes on the Defense Department's Joint Enterprise Defense Infrastructure cloud program, it also slowed the testing and rollout of a new system that automates user authentication and security auditing for classified provisioning.


A federal court hit the brakes on the Defense Department's multi-billion-dollar Joint Enterprise Defense Infrastructure cloud program, granting a temporary injunction on Microsoft's work in response to Amazon Web Services' lawsuit. Microsoft was awarded the contract in October.

In filings by U.S. government attorneys arguing against the injunction, defense officials said that JEDI needed to move forward despite the ongoing lawsuit for reasons of national security because delays would cost DOD $5 million to $7 million a month. Additionally, any delay would push back testing of a tool designed to execute cloud provisioning in the classified space more seamlessly and efficiently than is currently possible.

Currently, DOD has no mechanism for buying classified cloud services directly from a vendor. There is now a gap of "weeks or months" between an order being submitted and verified in DOD's contracting systems and it being executed on the vendor side, because of security checks and requirements, Sharon Woods, the director and program manager of the Cloud Computing Program Office in the DOD's CIO shop, explained in a sworn declaration dated Jan. 31 and released with redactions on Feb. 12.

"The potential security implications of mishandling this process are enormous," Woods stated.

To reduce this gap, the Cloud Computing Program Office entered into a contract in March 2018 -- while JEDI was still being developed -- to create a tool that, as Woods stated, "automates this process gap in a manner that supports user authentication and security auditing."

DOD acquired this service more than a year ahead of the planned JEDI award to make sure the tool was in place at launch. In a footnote to her declaration, Woods explained that the CIA "did not automate provisioning when it first launched Commercial Cloud Services (C2S), and expressed to DOD that its failure to do so earlier was one of its more significant lessons learned."

The ordering tool will still need to be tested at the unclassified level. That can't happen, Woods explained, if JEDI isn't open for business. "It cannot be deployed into the classified environment until at the unclassified level it is validated as functioning properly and the reporting and auditing capabilities are more mature," she stated.

The JEDI procurement has been embroiled in controversy extending to the White House. President Donald Trump made comments in July suggesting he would "look into" the "tremendous" problems with the JEDI buy. Amazon complained about those comments in its lawsuit against the Defense Department, asserting the White House tampered with the award process.

The AWS complaint also asserted that senior DOD officials, including Defense Secretary Mark Esper and CIO Dana Deasy, were "uniquely susceptible" to pressure from Trump and that such political influence was likely present throughout the decision chain.

This article combines two reports first posted on FCW, a sibling site to Defense Systems.