As the Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) cloud initiative remains mired in protest, the CIA’s Commercial Cloud Enterprise (C2E) acquisition is held up as a model approach.
Yet, DoD continues to try to fix what many call a flawed procurement from the beginning despite an obvious path to the finish line.
“It’s a good thing that C2E is looking for multi-vendors. That is a good omen. I’ve always been a fan of multi-vendor multiple-award type contracts because it puts the agency a little more in the driver’s seat to select what they want, to select who they want and at the best price points. It’s not really playing one vendor off another, but just keeping options open,” said Shawn McCarthy, IDC Government Insights research director, in an interview. “Across all levels of government edge computing is a hot topic. It’s born from smart cities and the manufacturing sector. A great example in a smart city where they collect traffic data using a small footprint artificial intelligence capability at the edge. If they see something happening, they can send commands to traffic lights to change the flow of traffic in near real time. It helps make decisions and it’s increasingly important on all networks because the edge is where the action is.”
DoD, the CIA and so many other agencies speak about getting power to the edge whether it’s for warfighters or farmers or first responders. In fact, one of DoD’s first task orders under JEDI was for services ranging from testing to accrediting to hosting devices for use at the tactical edge.
McCarthy said the edge of the network can be used and controlled the same way as the cloud is for applications and systems, and a multi-vendor approach provides the better way to do that.
The latest salvo to get DoD to rethink its approach comes from the IT Acquisition Advisory Council (IT-AAC) in a memo sent to House and Senate lawmakers, which Federal News Network obtained.
IT-AAC, which includes former DoD and civilian technology officials, has been a long-time and outspoken critic of the JEDI procurement. This latest memo doesn’t necessarily break new ground, but it comes as DoD continues to fight the court battle with Amazon Web Services over its award to Microsoft. DoD recently promised to take corrective action on AWS’ bid protest.
“As DoD CIO was not initially included in the JEDI planning effort by the US Digital Service/Defense Digital Service team, the DoD CIO should not be forced to implement this flawed strategy that is likely to be contented well into 2021, denying the warfighter urgently needed capabilities,” the IT-AAC memo states.
IT-AAC also said DoD can’t get out the perpetual protest cycle easily.
“The recent Court of Federal Claims injunction that stayed JEDI cited errors in DoD’s evaluation of one of six ‘pricing scenarios.’ The pricing scenarios were theoretical use cases included to help DoD evaluate costs, and were only necessary because DoD decided to select a single solution up-front, before knowing how it would be used. Furthermore, DoD noted that it ‘wishes to reconsider its evaluation of the offerors’ online marketplace offerings.’ Yet if DoD pursued a multi-vendor offering, it would not need a marketplace in the first place,” the memo states.
Instead, IT-AAC told lawmakers that DoD should just follow the CIA’s so far successful procurement.
“The result will be a cloud computing framework that preserves competition for price, services, and features while ensuring the IC retains access to the most innovative technologies from multiple vendors. Mission owners will be free to choose the cloud architectures and solutions that best meet their requirements,” IT-AAC states. “This practical, multi-vendor approach will pay off. C2E has been able to rapidly move toward delivering capability to mission owners, going from initial market survey to nearly final proposal in under a year. By harnessing this approach, DoD could make faster progress, moving from concept to award to execution in months rather than years.”
The CIA released its draft C2E solicitation in February, and expects to make an award by the end of fiscal 2020.
“Based on the IC strategic plan, the IC will leverage government and multiple commercial cloud capabilities that are interoperable and support workflows within and across multiple security fabrics,” the CIA wrote in the draft documents. “The goal is to maximize rapid re-use of data and sharing of data in mission systems to support these capabilities.”
One industry source, who requested anonymity in order to talk about the C2E procurement, said there is no question that the CIA is taking a much more rational approach to the procurement than DoD did with JEDI.
“I think what you see is the government recognizing that in six or 12 months the landscape will change and they want access to the best and brightest technology and companies at any given point in time,” the source said. “DoD came in and said we need to nail down one provider and stick with one provider.”
While Pentagon officials have been clear that JEDI was never going to be the only cloud for military services and agencies to use, concerns remain even two years later among vendors about first mover status on a department-wide program that could be worth $10 billion over 10 years.
CIA following industry best practices
Many say DoD is following the CIA’s 2013 playbook for its initial cloud procurement, called C2S and won by AWS. But while that approach worked well seven years ago, the current understanding of cloud is more mature.
“The CIA has learned a lot from prior experience C2S and its operating experience over the last six or seven years,” said Dave Mihelcic, a principal with DMMI LLC and a former Defense Information Systems Agency chief technology officer. “When CIA started C2S, they were leading edge. They were not even sure people would bid on that contract. I don’t fault that decision to go with a single cloud back then. But forward to JEDI, clearly multi-cloud makes sense now.”
Mihelcic said the CIA’s draft RFP recognizes cloud providers excel in different areas and set up the gate criteria that ensures traditional vendors like Microsoft, IBM, AWS, Google and Oracle could fit under as well as others likes Salesforce or SAP.
“The draft RFP talks about having an open season so the CIA can add providers for unclassified services as well as provider initially awarded only for unclassified cloud services,” he said. “They could award a follow on to someone in the classified world too. They are not locking themselves in to service providers.”
The industry source added the CIA also realized it will need help managing the multiple cloud instances so they are asking for cloud broker services.
“The IC’s cloud strategy is echoing what we’ve been seeing in [the] commercial marketplace, call it chapter 2. The first was move to the cloud and begin to convert capital expense to operational expense so you can free up people and data center space,” the source said. “It was very much a monetary reason to make the move. But what the government and the commercial world found out was at the end of the day you can’t move to one cloud. There were far more important things than dollar savings. You’ve got business model and operational improvements by moving to the cloud and you can really accelerate the business model changes through a multi-cloud approach.”
Enough of wasting time, resources
IT-AAC contends that moving forward with JEDI doesn’t make sense for multiple reasons.
“DoD CIO has requested the opportunity to amend its proposal, but the limited scope of its revisions amount to cosmetic change. Such tinkering will continue to stir up controversy – as evidenced by AWS’s opposition to DoD’s proposed changes – without addressing the foundational problems with the current approach to JEDI,” the memo states. “The resulting fight will force DoD to invest ever greater time and energy defending an unworkable competition. It will drag attention further away from where it belongs – delivering capability to the warfighter. In the meantime, defense agencies are rolling out their own cloud strategies that will further a disconnected governance structure, drive up costs and create future interoperability problems that JEDI sought to resolve.”
It seems clear someone at DoD needs to take a step back from JEDI, look around at what’s happening at the Air Force with its Cloud One and Platform One initiatives, and the fact that the Army and Navy are following closely behind. By now Dana Deasy, the DoD CIO, or David Norquist, the DoD deputy secretary, should be able to see that the time for JEDI has passed and the Pentagon should cut its loses and cancel the contract.