How the Pentagon's Move to the Cloud Landed in the Mud

Rivals complain that specs for a potential $10 billion contract favor Amazon.
Image may contain Head Face Human Person Coat Clothing Overcoat Apparel Suit Audience Crowd and Speech
Jeff Bezos, CEO of Amazon, considered the favorite to win a lucrative Pentagon contract.Andrew Harrer/Bloomberg/Getty Images

The Pentagon didn’t mince words in March when introducing the Joint Enterprise Defense Initiative, or JEDI Cloud program: “This program is truly about increasing the lethality of our department and providing the best resources to our men and women in uniform,” the Defense Department’s chief management officer, John H. Gibson II, told industry leaders and academics at a public event. JEDI aims to bring DOD’s computing systems into the 21st century by moving them into the cloud. The Pentagon says that will help it inject artificial intelligence into its data analysis and equip soldiers with real-time data during missions, among other benefits. For the winning bidder, the contract will be lucrative: Bloomberg Government estimates it will be worth $10 billion over the next decade.

Or at least that’s how it should have worked. But little about the JEDI Cloud contract is standard. With dramatic pre-bid accusations, ever-changing deadlines, and a last-minute dropout due to ethical concerns, the story of the JEDI contract reads more like a bizarre corporate thriller than a simple cloud-computing deal.

Case in point: Late Monday evening, Google announced it no longer plans to submit a bid by Friday, the deadline for interested applicants. Google said it “couldn’t be assured” that the work to fulfill the JEDI contract “would align with [its] AI Principles,” among other things.

It’s a reasonable assessment, given that developing the JEDI program would conflict with Google’s recently codified stance against developing or deploying artificial intelligence technologies that “cause or are likely to cause overall harm,” as the digital backbone of the Pentagon will certainly do in one way or another. However, it was also a bit of a gimme, as Google probably wouldn’t have won the contract anyway.

That’s because Amazon has been considered the clear front-runner for the JEDI Cloud deal since the details of the contract were first released. Accentuating concerns about the fairness of the bidding process, IBM on Wednesday protested the contract’s ground rules to the US Government Accountability Office. IBM said the stipulations would prove both counterintuitive and dangerous, and that the contract was written to clearly favor one well-known cloud service provider. “JEDI turns its back on the preferences of Congress and the administration, is a bad use of taxpayer dollars and was written with just one company in mind,” wrote IBM general manager Sam Gordy in a statement. Another potential bidder, Oracle, had previously lodged a similar protest.

The Pentagon’s 1,375-page winner-take-all request for proposal for JEDI is a web of restrictions and requirements that some critics allege leaves few viable candidates beyond Amazon. To qualify to submit a bid, potential applicants must have the infrastructure to transition approximately 3.4 million Pentagon users and 4 million devices to the cloud, generate at least $2 billion a year in revenue from cloud services (a tough order, given that Google’s cloud businesses only recently broke the $1 billion a quarter mark), prove they can win certification to handle the government's most classified information (a status only Amazon currently holds), derive most of their revenue from sources other than federal contracts (disqualifying many traditional defense contractors), and ensure that their data centers are placed 150 miles apart, among many other stipulations. Viewed in their entirety, the rules suggest bids would be limited to a handful of tech giants that have made names for themselves in the cloud computing industry over the past decade, of which Amazon is king.

This already short list is only made shorter by the Pentagon’s insistence on awarding the JEDI contract to a single company; most contracts of its size are split among several vendors. In their protests, both Oracle and IBM argued that the DOD’s insistence on awarding the multi-billion contract to one bidder would stifle innovation and pose a huge security risk by giving would-be attackers a single large entity to target. Their protests forced the Pentagon to justify its approach to Congress and contributed to repeated delays in the bid-submission date.

Google agrees. “Google Cloud believes that a multi-cloud approach is in the best interest of government agencies, because it allows them to choose the right cloud for the right workload,” said a Google spokesperson in a statement to WIRED. “Had the JEDI contract been open to multiple vendors,” Google said, “we would have submitted a compelling solution for portions of it.” That seems at odds with its statement Monday about pulling out because of its policy on the ethical use of AI. The company did not respond to a request for additional comment.

The Pentagon argues that hiring multiple companies would be more complicated, costly, and less secure. But few industry experts and companies outside of the DOD and Amazon agree. Using multiple vendors is considered more reliable, as it reduces the risk of a total failure if one has a freak outage or vulnerability. It also would allow the department to make use of the expertise of several providers, rather than relying on a single entity to know everything.

Kris Lahiri, chief security officer of Egnyte, an enterprise file-sharing and cloud-computing storage company, finds the Pentagon’s insistence on a winner-take-all approach worrisome. It feels too risky to bet it all on the capabilities of a single provider, says Lahiri. For that reason, he says, a lot of larger tech companies eventually end up relying on more than one provider as their needs become more complicated. Lahiri says that the government’s decision to put a huge swath of the DOD’s operations in the hands of just one bidder feels awkward, as it’s not as if the Pentagon couldn’t afford to divvy things up in the name of increased security.

Of course, Amazon isn’t just any cloud provider. It's the only web services company authorized to handle extremely sensitive, classified government data with a well-documented history of performing similar tasks. Back in 2013, the then-underdog Amazon Web Services beat out IBM for a $600 million contract to develop a similar cloud system for the CIA.

However, Amazon’s experience in the intelligence cloud-computing market has critics worried the government might be putting all its eggs in one basket. If Amazon wins the JEDI contract, it would be the sole guard of a worrying amount of highly sensitive information about the government, says Lahiri. Meaning any sort of issue affecting Amazon could have a cascading effect throughout the intelligence community. “Which I feel is very risky,” he added. Amazon did not respond to WIRED’s request for comment.

Recent reports by Bloomberg alleging that Chinese agents compromised the supply chain of a technology supplier to the Pentagon and private industry have increased pressure on the Pentagon to prioritize security when selecting a winner. According to Bloomberg, the illicit hardware additions compromised the security of “Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships” as well as hardware by Apple and Amazon. Amazon, Apple, and the supplier, Super Micro Computer, have all denied the allegations.


More Great WIRED Stories