Blog 5: JEDI to JWCC; How the DoD is using top Cloud Service Providers to fulfill battlefield needs

TL;DR: The 2017 Department of Defense Cloud Computing Contract (JEDI) awarded to Microsoft was cancelled due to a need for a more inclusive cloud computing infrastructure of the DoD. Last week, the Pentagon announced JEDI’s replacement, JWCC, and who they have identified as able CSPs to bid on its next major cloud initiative: Amazon, Microsoft, Google, & Oracle. No awards have been given out, first unclass awards should start in Q3FY22. The DoD is using a unified cloud infrastructure to establish a cloud presence necessary for a 21st-century battlefield.

Computer networks cover our business world, but they also cover our “battlefields” and in today’s combat space future wars will be fought across multiple domains (sea, air, land, space, cyber…etc). The US Government needs to make sure that its forces are synchronized and can share information, intelligence, and data regardless of physical location. The networks that the US Armed Forces use on a day-to-day basis cover anywhere from unsecured to Top Secret information, and the networks that carry these data need to be secured themselves. Over the last two decades, more traditional computer networks have given way to clouds. As such, the US Department of Defense (DoD) awarded a contract to Microsoft in 2019 to develop the Joint Enterprise Defense Infrastructure (JEDI) to bring these cloud capabilities to the warfighter. However, this past summer, the Pentagon scrapped the $10 Billion contract with Microsoft after a lawsuit from Amazon cited unfair selection of Cloud Service Providers. If you recall, there was a lot of tension between then President Trump and the then CEO of Amazon Jeff Bezos. Media reports alleged Trump may have tried to influence the contract because of his dislike of Bezos, who owned the Washington Post – a newspaper that had repeatedly criticized Trump. Some cite this as a reason as to why Microsoft was awarded the contract, however, there is nothing concrete to back up those accusations.

Nonetheless, JEDI was scrapped in July 2021 and the Pentagon put together another contract that would allow for “evolving requirements, increased cloud conversancy, and industry advances” (DoD)

What Was JEDI?

The JEDI Contract: What really happened?

The Joint Enterprise Defense Infrastructure contract was intended to replace the current set of networks that the DoD uses to piece together information and upgrade that network with a unified cloud enterprise. The benefits of a unified DoD cloud are that it would allow for increased reliability and better information flow across the different systems. Additionally, a cloud-based enterprise would allow the DoD to add evolving technologies into their battle rhythm as they are developed. Success on the modern battlefield is contingent on getting the right information to the right person at the right time. While there are numerous technologies tied into this – artificial intelligence, machine learning, big data analytics – the vast size of the defense enterprise necessitates the need for cloud computing.

DoD graphic

So JEDI is CANNEX…What’s Next?

The need for a robust cloud network is still vital to the success of the US Government and Armed Forces. Multi-Cloud is not a foreign concept to big businesses or Cloud Service Providers. Multi-Cloud is a way of using multiple cloud service providers within an ecosystem. There are huge benefits to using a multi-cloud approach including competitive pricing, agility, upgraded resilience, and being able to use the best products from the specialties of each CSP. Especially for the military, having a single cloud enterprise from a single vendor is a significant vulnerability risk. The size of this system would make it difficult to secure, and a single intrusion could result in catastrophic consequences. Rather, having multiple clouds allows for each cloud to be more readily protected while also containing any security breaches. And so, as soon as JEDI was canceled, the Joint Warfare Cloud Capability contract was announced. JWCC is expected to be a multi-cloud, multi-vendor opportunity for different CSPs to provide value to the Government.

Army graphic

JWCC Announces Winners

The initial announcements for the JEDI program in 2017 served as a green light to several military organizations that they could move to the cloud. However, as we have learned throughout class and have lived through the COVID-19 Pandemic, advances in technology, especially Cloud Computing have advanced at rates that we initially thought were over a decade away. Re-soliciting this contract was a good idea to include new capabilities by then smaller Cloud Service Providers, including Google Cloud Platform and Oracle. CEO of Google Cloud, Thomas Kurian said recently, “When the JEDI RFP was issued, Google Cloud was not in a position to bid. First and foremost, our technologies were not ready to meet the various classification levels and other technical requirements necessary to compete.” Two years later, the “Hottest Cloud Provider” is ready to take a seat at the table with the most secure CSPs in the market.

Last week, November 19th, The DoD picked Microsoft, Amazon, Google, and Oracle to be the four CSPs for the JWCC program.

“The DoD studied the commercial cloud market and assessed capability statements that were submitted by cloud service providers and any follow-up communications provided to the department,” Russell Goemaere, a Pentagon spokesman, said in a statement. “We assessed each CSP’s service and capability offerings as they related to the department’s unfulfilled warfighting needs, enduring capability gaps, high-level JWCC requirements, and each CSP’s ability to meet the JWCC capability delivery schedule. We also collaborated with DoD stakeholders from the military services, combatant commands, principal staff assistants, defense agencies, and field activities to survey requirement owners about what they would want to see in an enterprise-level cloud offering.”

Under the terms of the current Request for Proposal (RFP), Amazon, Microsoft, Google, and Oracle have been invited to bid. That multi-vendor approach is markedly different from the JEDI RFP, where just a single vendor (Microsoft) was going to walk away with the prize. In fact, the Pentagon makes clear that while it favors Amazon and Microsoft, any of the qualified (invited) vendors could get a piece of this deal.

US Army Lt. Gen. Charles Flynn pointed to reasons why this cloud environment is necessary, “The Army’s data is stored is primarily stored through four different locations, including the warfighting mission area that I own.” But those disparate systems weren’t built to easily exchange data with each other – hence the need to migrate data to the cloud.”

Okay, so really, what’s next?

While the announcement to include four CSPs in the JWCC bid, the announcement does not necessarily mean that any awards have been identified, meaning that work has not started and companies have not been given anything to work on right away. The Government still needs to negotiate separate indefinite-delivery, indefinite-quantity (IDIQ) contracts with each company. Awards should start to be announced Q3 FY22.

JEDI was announced in 2017 and since then there has been a significant standstill while litigation efforts poked holes in the JEDI Award. Three years later, we still do not have a unified cloud infrastructure, but we are working toward it. If there is a silver lining, it is that the DoD is upgrading, across the width of the services and is concerned with breaking down information silos to make DoD networks stronger, more capable, and more inclusive – to the warfighter and the CSP!

Cloud computing illustration

7 comments

  1. Brett- wow! Thanks for an insightful analysis on a highly technical post! I really had no idea that such incredible projects are taking place at DoD and the impact and scope of those projects. Obviously the future is cloud based (wink) but I’ve never considered it to be the next battlefield in the traditional sense of the word. Forgive the unsophistication, but would a project of this scope be able to adequately protect and defend, say power grids, dams, etc not just weapons and the cool military stuff? Can those be integrated or is most of the current technology too outdated to be connected?

  2. Great article, interesting that it seems like multi-cloud or cloud choice is all the rage in the private sector, and the government adopting the same approach makes sense given their needs. I have to imagine outside of ease of use and accessibility, latency and security are major issues. I don’t hear much about Oracle’s cloud product, I’ll be curious to see how it holds up to the three top dogs in the bidding process, and what pieces it might win. For that matter, I wonder what pieces GCS will win too. Do you have any idea of what their specialties are, and where they might outperform MFST and Amazon?

  3. Great post Brett! You do have a little bit of formatting issues around the images you might want to touch up quickly.

    But you did a great job breaking down something that seems to be a very technical topic. Hopefully it won’t take as long to finalize a unified cloud structure as JEDI was 4 years ago and I would expect the DoD to be on the cutting edge for this technology.

  4. I can’t begin to fathom to complexity behind the bids these companies need to make for these military contracts. Whereas other military contracts, such as physical weapons are more straightforward, the complexity of these military cloud products seems to be incredibly complex. The section of your blog that covers having multiple clouds to help protect against security issues is fascinating. I am constantly hearing about third-party cyber attacks on the western world and I’ve always wondered what infrastructure is in place to combat this. Learning about programs like JEDI and their approach to using a multiple cloud system is fascinating. Thank you for sharing!

  5. Awesome blog, I had never dug into what JEDI or JWCC really entailed so I really appreciate the context you gave. I’m extremely curious on the classification levels that the companies will be able to adhere to, the government has strict rules of what can co-mingle and whether different classification levels can work out of the same facility. I have not looked, but I wonder what type of guidelines they’ve created for CSP that want to host classified information on their servers; whether a certain data center can only host classified data, or if it can co-mingle among classification levels, or if there are no restrictions and an unclassified cloud can co-exist with a classified cloud. — I’ve been personally trying to work this into my company, but we haven’t received guidelines from the government of how cloud and classified data can work together.

  6. I’d like to see the Federal Government take a multi vendor approach here. I think utilize the best of the four companies can help create solutions that best benefit the military. Putting all their eggs in one basket to me doesn’t necessarily bode well on a federal contract. It might mean personal have to understand more than one system but I think the benefits long term put the United States in a better position

  7. Thanks for following up on the JEDI program. I haven’t followed it since Bezos went crying to Congress. I am most concerned with the DoDs ability to coordinate these vendors in an efficient manner to produce a unified cloud solution across four of them. I can easily see Congressional oversight committees cross examining flag officers as to why it is taking so long and costing so much money to realize the JWCC network.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: