NSA cloud contract in trouble after Microsoft’s successful bid protest

A National Security Agency cloud computing acquisition is in limbo after losing bidder Microsoft successfully challenged one of the source selection criteria. T...

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

A National Security Agency cloud computing acquisition is in limbo after losing bidder Microsoft successfully challenged one of the source selection criteria. The case shows how carefully agencies need to tread, especially when price is not the main criterion. Smith Pachter McWhorter procurement attorney Joe Petrillo reviewed the case on Federal Drive with Tom Temin.

Interview transcript:

Tom Temin: And Joe, well what happened here? This was a another hot competition between two companies that are always hotly competing, and that is Microsoft and Amazon.

Joseph Petrillo: Yes, absolutely. To set the table, this is a procurement by the National Security Agency for cloud computing services, both classified and unclassified. It’s a big contract. It’s a five year contract with an option for five additional years worth hundreds of millions, if not billions of dollars. And it was a best value procurement with a non-price factor, as you mentioned, more important than price. And of the non-price factors, the technical and management factors were significantly more important than the other non-price factors. When the evaluation was over, Amazon Web Services nudged out Microsoft, they were evaluated as superior in both the technical and management factors. But Microsoft had a better price. The evaluated price was 422 million for Microsoft, and 482 million for Amazon Web Services. The procurement, by the way, the program was called Wild and Stormy by the National Security Agency. So they have a sort of vivid way of naming these things.

Tom Temin: Sounds like windy had stormy eyes or stormy had windy eyes. I forget that old song but it reminds me that old 60s tune there.

Joseph Petrillo: Well, maybe that’s what they were thinking. But in any event, this became a wild and stormy procurement. When protested, there were a number of issues that Microsoft raised. One of them didn’t work. There was a difference between the two in which Amazon Web Services had proposed a dedicated approach to meeting NSA needs. Microsoft, however, was meeting the computing needs of NSA through a system that worked for several users. So it was a multi-tenant, basically, system.

Tom Temin: Multi-federal tenant or just multi-tenant?

Joseph Petrillo: That’s not clear from the decision

Tom Temin: Got it.

Joseph Petrillo: But the issue is whether Amazon’s approach of dedicating it, that was considered a significant discriminator between the proposals. And Microsoft said, but there wasn’t anything in the evaluation criteria that said we were going to value that. GAO decided that that was not a good protest issue. And it said that the distinction or the difference between multi-tenant and dedicated services came under the heading of planning, executing and maintenance of all cloud service offerings. So this sort of fairly general umbrella in GAO’S view is broad enough to embrace for a specific discernment between a dedicated system and one that services many users.

Tom Temin: We are speaking with Smith Pachter McWhorter procurement attorney Joseph Petrillo. And that’s kind of surprising that Microsoft would even bid a multi-tenant solution to something like the NSA, knowing how they are the most rigorous agency I think of all of even the intelligence community when it comes to security. And so multi-tenancy has always been an issue for every federal agency. So Microsoft was not sustained on that ground. What about the other ground?

Joseph Petrillo: They fared better in attacking a significant weakness that NSA had assigned to his proposal. One of the issues in the procurement was that NSA wanted to try to achieve technical parity with commercial offerings. So it was concerned that when a new offering became available, it would be certified for both classified and unclassified use by its users as quickly as possible so that they can take advantage of improvements that were available in the commercial marketplace. Now, as you know, there are several different ways of certifying cloud computing services. There’s the FedRAMP system, which is managed jointly by Homeland Security and GSA. DISA does the same thing for most DoD agencies, and NSA has its own process. And all of these processes distinguish between various levels of security, and some of them get quite granular in doing that. The way that NSA had read Microsoft’s proposal, they considered that DISA would have to approve both classified and unclassified new service offerings before those offerings were sent to NSA for approval. And that got them upset. They wanted it to be in the queue earlier than that. Microsoft said, No, that’s not what we said at all. And GAO read the proposal and agreed with my Microsoft, they felt that NSA had simply misread the proposal and made assumptions about there being a contract between Microsoft and DISA that might stand in the way of approval.

Tom Temin: Alright, so Microsoft was turned down on one protest ground, sustained on the other. What did the GAO then decide?

Joseph Petrillo: Well, there was one other protest ground that Microsoft won on. And that was a latency issue. It looked like in the evaluation, Amazon Web Services had a quicker communications system with the cloud computing service. It’s called latency time. And it depends on two factors. One is the physical distance between the data center and NSA. And since everyone’s using fiber optics, that factor relies solely on the distance and the physical distance because the signals travel at the same distance through fiber optic cable.

Tom Temin: That’s right. In some cases, even the speed of light is too slow in these computing applications.

Joseph Petrillo: Exactly. And the other issue is how much additional time is added by the contractors network equipment, because there’s some delay there. Amazon apparently had done its estimate of latency time using only the physical distance. Microsoft, it used the physical distance, and included the lag caused by its network equipment. NSA apparently did not discern that difference in the estimation, and unfairly decided that Amazon had a quicker system. GAO said no, that’s not the case, This is not an apples to apples comparison. And so you’ve based an important factor here on the misreading of the proposal. Again, there were a bunch of other issues, But Microsoft did not prevail on any of those. The upshot of this all is protest was sustained on those two issues, They’re significant enough to require a reevaluation of proposals and a new award decision.

Tom Temin: And when that happens, are the bidders allowed to revise their bids? So that, for example, the latency of all of the components between the data center and the agency are taken into consideration, and so on.

Joseph Petrillo: Well, GAO did not require a reopening of discussions, which would include revision of bids. So that may not be what’s happening. It’s up to NSA to decide how to implement this. They may have valid reasons for wanting to reopen and reevaluate the proposals. One of the issues, interestingly enough, that wasn’t successful, although GAO did note, NSA should take it into account was there was a question about how the evaluated prices were developed, and how they were evaluated. They consisted of three sample task orders, and then prices for five different benchmarks. Those were all totaled, although it seemed that the benchmark prices, which were very small in comparison to the task order prices, in actual performance, those benchmark prices would constitute much more of the total price. Somehow the evaluation system didn’t take that into account. And NSA might want to fix that, but that would probably require a new round of proposals.

Tom Temin: Alright, so at this point, then the NSA is it, with respect to what happens next.

Joseph Petrillo: That’s right.

Tom Temin: Joe Petrillo is a procurement attorney with Smith Pachter McWhorter. Thanks so much for that analysis.

Joseph Petrillo: It’s my pleasure.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories