1 September 2021

Death of the JEDI: Pentagon Learning from Terminated Cloud Initiative

Meredith Roaten

When the Pentagon announced the cancelation of its highest-profile cloud computing initiative in July, not many were surprised.

The lucrative Joint Enterprise Defense Infrastructure program, better known as JEDI, didn’t make sense from a business perspective, said Alex Rossino, an advisory research analyst at Deltek. “It didn’t make sense on any level, honestly.”

The Pentagon awarded an eye-popping $10 billion contract to Microsoft in 2019, a decision that was swiftly protested by competitor Amazon Web Services and led to prolonged legal wrangling until the contract’s cancelation this summer.

“Honestly, it was cursed from the beginning,” said Willie Hicks, public sector chief technology officer at Dynatrace, a software artificial intelligence company based in Waltham, Massachusetts.

“The department has determined that, due to evolving requirements, increased cloud conversancy, and industry advances, the JEDI cloud contract no longer meets its needs,” the Pentagon said in a press release.

Acting Pentagon Chief Information Officer John Sherman told reporters during a teleconference: “JEDI, conceived with noble intent at a baseline now several years old, was developed at a time when the department’s needs were different and our cloud conversancy less mature.”

Now, the military is shifting gears as it pursues a new cloud construct that will be the backbone of its joint all-domain command and control concept, which is meant to quickly connect sensors and shooters. The new program — known as the Joint Warfighter Cloud Capability, or JWCC — will be a multi-vendor, indefinite-delivery, indefinite-quantity contract effort.

While the Defense Department has lost time and resources pursuing JEDI, experts say the recent change of direction will not excessively delay the military’s information-sharing goals as envisioned with JADC2.

Rossino, who studies IT market trends with an emphasis on defense, said JWCC is a stark departure from the “one-cloud-to-rule-them-all” approach of JEDI.

“The DoD has come to understand that the cloud is really just a certain type of infrastructure, and that the more important thing is what you do on that infrastructure — that’s where the opportunity is,” he said in an interview.

JWCC is a multi-cloud initiative that will be expected to provide capabilities at all three classification levels — unclassified, secret and top secret — and parity with services across all classification levels. It will integrate cross-domain solutions and have global availability, including at the tactical edge, as well as enhanced cybersecurity controls, according to the Pentagon.

Rossino said he views the JWCC as a pathfinder program because the Pentagon is trying to implement emerging standards and integrate new systems with which it has not previously dealt.

“There are a lot of new things here, and so coming to terms with that over the next few years is really going to be the key,” he said.

Hicks noted that security of the cloud environment is a serious concern that a multi-cloud approach could tackle. The commercial cloud computing industry has its reputation on the line for any cybersecurity threats that it could face, he explained.

“If they are seen as being vulnerable people will start to flee from their platform to other platforms, so they’re constantly spending millions and billions of dollars across the industry on cybersecurity,” he said.

The Defense Department’s cloud environment would be the No. 1 target for any adversary, so the commercial industry’s latest innovations are needed for protection, he said.

“It will be imperative for our adversaries to bring that network down because it will give us a tactical advantage,” Hicks said.

Pursuing the JWCC will boost competition and help companies showcase their strengths in service of the Pentagon, said Air Force Lt. Gen. S. Clinton Hinote, deputy chief of staff for strategy, integration and requirements.

“The search for best of breed continues on,” Hinote said at the National Defense Industrial Association’s JADC2 & All Domain Warfare Symposium.

Microsoft and Amazon Web Services are considered likely candidates to win JWCC contracts, but the Pentagon will be reaching out to other cloud service providers to assess their capabilities, Sherman told reporters.

Hinote noted that the new approach will better serve the military’s needs for joint all-domain command and control.

Cloud computing architectures will serve as the “backbone” of the Air Force’s contribution to JADC2 known as the Advanced Battle Management System.

Efforts to connect sensors and shooters are needed as intelligence on adversary behavior has found that competitors are trying to disrupt U.S. systems of war, Hinote said. Empowering warfighters with centralized information will protect critical missions even if communications are disrupted. The military needs a “system of systems, such that they can’t tear it apart,” he said.

Easy access to the cloud is critical for the Pentagon to gain advantage of adversaries in future fights, said NDIA CEO and President retired Air Force Gen. Hawk Carlisle. The cloud enables leaders to exchange data with warfighters up to the tactical edge and boost situational awareness without information overload.

Point-to-point information transfer doesn’t work because decisions will need to be made quickly in the fights of the future, said Carlisle.
“In tomorrow’s battlefield, you have to have that ability to get information at a pace that the cloud right now is really the only way to do it,” he said.

He added that JEDI’s failure spurred JADC2 stakeholders to realize how fast the architecture needs to come together and how extensive the sprawling effort will be as it includes everything from the cloud network to the algorithms and procedures needed to operate the system.

The government, military officials, industry and academia “all understand the importance of having to do this and get it right,” Carlisle said.

While experts agree that the move toward JWCC gives the Pentagon a fresh start, the path to enabling joint all-domain command and control is not guaranteed to be smooth.

While moving on to the Joint Warfighter Cloud Capability is a step in the right direction, there is no denying that “we’ve wasted a lot of time,” he said.

The Defense Department said the cancelation of JEDI shouldn’t derail its JADC2 plans. Russell Goemaere, a Pentagon spokesperson, said the Defense Department expects to award contracts for the Joint Warfighter Cloud Capability in nine to 12 months.

“While the JWCC initiative is necessary to implement JADC2, we do not anticipate that JADC2’s schedule will be delayed by the JWCC acquisition,” he told National Defense in an email. “The department’s current cloud resources are adequate for the current phase of JADC2.”

The Joint Requirements Oversight Council will consider cloud environment requirements to deliver JADC2 interoperability, he said.

Meanwhile, while there are some security concerns associated with cloud architecture, Scott Stapp, chief technology officer at Northrop Grumman, noted that it can also help “hide” sensitive information. Fusing information together into the cloud makes it difficult for hackers to distinguish which data is unique, he said.

One of the biggest barriers to joint all-domain command and control is cultural, he noted. The Pentagon’s acquisition system is designed to build technology that meets requirements belonging to specific categories, but JADC2 will cut across every sector.

“It’s not that we haven’t been thinking about this for a really, really long time — about how you get everything on the net, how do you make everything interoperable,” he said. “The question is, how do you execute it?”

Meanwhile, high costs for compliance with the Pentagon’s Cybersecurity Maturity Model Certification program could create complications and barriers for industry interested in becoming involved with the Joint Warfighter Cloud Capability, Rossino said. CMMC — which has been undergoing an internal review for months — will eventually require all 300,000-plus companies working in the defense industrial base to meet certain levels of cybersecurity to protect against threats from adversaries and continue working with the Defense Department.

“Unless they can control the costs of this, they’re going to lose small and potentially medium-sized businesses that would be able to deliver the kind of game-changing capabilities that the DoD will be interested in the future,” Rossino said.

Experts believe that cloud architecture and other aspects of JADC2 can be built up simultaneously.

Rossino explained that both Amazon Web Services and Microsoft have existing cloud setups throughout the Pentagon already. But problems could arise if the competitors are not able to come up with an architecture that is interoperable.

Creating a comprehensive data standard is key to ensuring it’s easy for multiple vendors to team up, he noted.

“Cloud is going to be a foundation for this,” he said. “It’s a foundational principle, but it cannot be a technical obstacle to what they want to accomplish with having a single joint command-and-control environment.”

For now, the military needs to make the most of the cloud infrastructures already in place, said Travis Methvin, deputy director for business, strategy and resources at the Navy’s program executive office for digital and enterprise services, which oversees the Department of the Navy’s cloud infrastructure. The first step is boosting education and best practices around cloud technology.

For example, implementing zero-trust practices — which requires all users to be continuously validated — during remote work operations eliminated many security concerns for the Navy, he said during a panel discussion on JEDI’s cancelation hosted by MeriTalk.

MilCloud 2.0 and the Defense Enterprise Office Solution are two examples of cloud contracts that the Defense Department already has in place. Leaders should explore what applications can be hosted using these networks to support JADC2, said Jim Matney, General Dynamics Information Technology’s vice president and general manager for the Defense Information Systems Agency and enterprise services sector.

“If we look at what [are] the enterprise cloud capabilities that are out there, we’re able to leverage these ... and come up with a solution where we can achieve that,” he said.

Jane Rathbun, who is dual-hatted as deputy assistant secretary of the Navy for information warfare and enterprise services and chief technology officer under the Navy’s chief information officer, said the sea service will continue to procure cloud contracts on its own until the Joint Warfighter Cloud Capability exists and it makes economic sense.

“Until then, we will work toward enterprise cloud contracting, which I think will make it easier for us to shift to another enterprise cloud, once it’s established,” she said during a panel discussion at the Navy League’s annual Sea-Air-Space conference in National Harbor, Maryland.

Hicks said there is a lot of work to do to integrate existing systems with the cloud architecture to create the system of systems that JADC2 is envisioned to be.

“We’re still in an experimental stage at this moment,” he said. “The slower this goes ... that’s going to eat into what we have to do on the back end.”

No comments: