The DoD "JEDI" Project is a Bad Idea
The Pentagon's plan to award a contract worth an estimated 10 Billion dollars over the next decade to Amazon or Microsoft should be of grave concern to anyone who cares about our nation's security. The contact is set to be awarded by the end of August, 2019.
Cyber is the next generation battlefield, it will be central to the outcome of the next conflict. Once this contract is implemented we won't even be managing our most critical asset, our information and the compute that powers it. The flow and control of information is the new measure of military capability, and we do not possess the overwhelming dominance we do in the kinetic warfare dimension. We are "one of the many" in the cyber world, with only a slight advantage relative to those who would do us harm.
In the 4th century AD, the Roman Empire had a problem. The resources required to guard their far reaching territory stretched their existing legions, and the legions themselves became more expensive to train, outfit, and maintain. A series of Emperors saw it as easier to hire Germanic tribes to plug gaps than to outfit and maintain the type of loyal, Roman led army that had protected them for a thousand years. It started slowly at first, but before long, Rome had outsourced much of their military capability. The Germanic tribes were fierce fighters, and quickly learned Roman tactics and adopted elements of Roman culture. Before long, the balance of power shifted, and the Germanic leaders wielded as much power as the Emperor himself. In 476, Germanic Chief Odoacer deposed the Emperor Romulus Augustulus and made himself king, effectively bringing an end to the Western Roman Empire.
Outsourcing to the tech giants is the equivalent of the Romans outsourcing protection to the Germanic tribes. It may sound like a convenient idea, but as time passes we'll regret the decision.
Why does the idea of outsourcing our computing resource to either of these two big tech companies concern me?
- Migrating a massive network like the DoD's to the cloud is like going in the roach motel, once you go in, you don't come out. We'll be stuck, and extracting us in the event we aren't satisfied will be a massive undertaking.
- The corporations are effectively monopolies. They act, look, and operate exactly like the organizations that President Theodore Roosevelt worked so hard to break up for good reason - their concentration of power is not healthy for our nation or our people. This deal provides these monopolies with funding, resources, and power that will make them stronger than many nations in terms of influence.
- Both are worth over a trillion dollars, making them two of the most valuable companies in the world. They don't need to get larger. https://www.wraltechwire.com/2019/07/11/as-tech-stocks-soar-amazon-cracks-1-trillion-in-value-joining-neighbor-microsoft/?
- I deal with Microsoft often, and I compete against Amazon in the cloud. I know what these companies are capable of, and it's not in our interests to trust them. They aren't patriotic and they don't have the nation's best interests at heart. They care about profit and the do what they can get away with regardless of the impact.
- Both have a history of outages (unforced errors). I'm concerned that they won't be able to handle an aggressive attack by a peer competitor with equal technological capabilities. https://www.readitquik.com/articles/cloud-3/top-7-aws-outages-that-wreaked-havoc/
- Both have a history of Tax dodging and meddling in government affairs
Both corporations are multi-national operations with substantial presence in countries that are potential enemies, employing foreign nationals in areas of high responsibility and authority. Who is to say a high level executive with loyalty elsewhere couldn't override security protocols to access the network? He would already have access to adjacent resources, and that's over half of the battle for an experienced hacker.
We know that Amazon has a cozy relationship with China, and shares cloud technology with them. https://www.wsj.com/articles/amazon-to-sell-its-china-cloud-computing-business-1510628802
By outsourcing our critical classified networks, we will lose core competencies and skills to manage secure networks in DoD. The NMCI program to outsource the unclassified network decimated the technical skill of Marine network specialists. Techs coming out of the Corps used to have solid experience. Now they think basic user creation and administration is network engineering. It most definitely is not. We have already lost substantial technical expertise in our ranks due to outsourcing.
I'm not opposed to leveraging civilian expertise on a contract basis, or to outsource some functionality to American based companies, but to put all our eggs in the safe keeping of Amazon or Microsoft seems short sighted. Nevertheless, this contract will be awarded, and time will tell what the resulting effects to our national security will be. It is my sincere desire that my analysis is not correct.