For the second straight year, Congressional appropriators are expressing skepticism about the Defense Department’s planned JEDI Cloud contract and are aiming to use their power of the purse to impose guardrails on the $10 billion project.
The House Appropriations Committee’s version of the 2020 Defense spending bill would prohibit DoD from spending any money to migrate apps or data to Joint Enterprise Defense Infrastructure (JEDI) until it meets several conditions.
First, the Pentagon would need to submit a report to Congress detailing how it plans to implement the “multi-cloud” strategy it said would pursue when it published an updated cloud strategy in January. The DoD CIO’s office would also have to deliver a list of the specific non-JEDI contracting opportunities it’s contemplating for cloud services over the next two years. Plus, the office must continue to provide updates once-per-quarter on how it is keeping a promise to roll out a multi-cloud architecture.
Just like last year, committee members’ primary concerns with JEDI had to do with DoD’s insistence that the contract be awarded to a single vendor.
“The committee continues to be concerned with this approach given the rapid pace of innovation in the industry and that this approach may lock the Department of Defense into a single provider for potentially as long as ten years,” they wrote in a report accompanying the spending bill. “The committee notes that the Central Intelligence Agency, on behalf of the intelligence community, is now pursuing a multi-vendor, multi-cloud approach in its new Commercial Cloud Enterprise procurement … the committee encourages the Department of Defense to adopt lessons learned from the CIA’s experience implementing cloud computing over the past five years. Further, the committee believes that the Department of Defense is deviating from established OMB policy and industry best practices, and may be failing to implement a strategy that lowers costs and fully supports data innovation for the warfighter.”
The proposed restrictions would need to be passed by the full House and Senate and signed by the president before they took effect. And considering the budget timeline, it remains unclear what their practical impact would be on the JEDI project.
The earliest they could take effect would be Oct. 1, the start of the new fiscal year, and DoD has indicated it intends to make an award in the long-protested contract by mid-July.
More concerns for JEDI
But the House language is only the latest in a series of legislative measures that have expressed serious misgivings about the Pentagon’s approach to JEDI. In two separate appropriations bills last year, lawmakers insisted on reports detailing both DoD’s rationale for the single-award approach and an explanation for how JEDI would fit in with the rest of the department’s cloud activities.
The department’s 2019 authorization bill also included several JEDI-related provisions, including one that insisted DoD better-analyze its existing workloads to determine how many of its systems are ready to move to JEDI.
The contract is also the subject of a bid protest lawsuit before the Court of Federal Claims. The plaintiff, Oracle, has challenged the procurement on several fronts, alleging, for instance, that the single-award decision was improper and that DoD knowingly constructed “gate criteria” that prevented all but two companies from winning the contract.
In its latest update to the legal challenge, Oracle also alleged that two former DoD officials who now work for Amazon Web Services raised critical conflict of interest concerns, because, the company claims, they both worked on the JEDI procurement while they had job offers from Amazon in hand.
In April, DoD concluded an internal investigation into the alleged conflicts and said that they did not impact the integrity of the procurement, but that it was referring some of its findings to the inspector general because of unspecified ethics violations.
At a hearing of the House Oversight and Reform Committee last week, Glenn Fine, the acting inspector general, acknowledged that his office had received the referral without acknowledging whether or not it had opened a criminal or administrative investigation.
“We have it. We’re reviewing it. I don’t really want to talk about an ongoing matter and characterize it, but I will represent that,” he said. “We absolutely will brief the committee when we are completed.”
On April 10, the Pentagon notified IBM and Oracle that they had failed to meet the gate criteria it established for JEDI, leaving only Amazon and Microsoft in the running. Since then, Oracle has been lobbying Congress to intervene in the contract: it sent letters to the House Appropriations Committee and a half dozen others.
“JEDI’s arbitrary – and dated – gating criteria deprives DoD the opportunity to secure the most innovative technology at the best price,” wrote Kenneth Glueck, Oracle’s executive vice president. “Next generation cloud vendors are innovating rapidly around performance, security, artificial intelligence, agility and many other attributes of modern cloud. Ironically, by focusing on a measurement and “gate” now almost 18 months old, DoD virtually assures itself to only evaluate legacy cloud alternatives, depriving the warfighter of the newest generation of cloud technology.”