The Pentagon's plan
to award a contract worth an estimated 10 Billion dollars over the next decade
to Amazon or Microsoft should be of grave concern to anyone who cares about our
nation's security. The contact is set to be awarded by the end of August, 2019.
Cyber is the next
generation battlefield, it will be central to the outcome of the next conflict.
Once this contract is implemented we won't even be managing our most critical
asset, our information and the compute that powers it. The flow and control of
information is the new measure of military capability, and we do not possess
the overwhelming dominance we do in the kinetic warfare dimension. We are "one of the many" in the
cyber world, with only a slight advantage relative to those who would do us
harm.
In the 4th century
AD, the Roman Empire had a problem. The resources required to guard their far
reaching territory stretched their existing legions, and the legions themselves
became more expensive to train, outfit, and maintain. A series of Emperors saw
it as easier to hire Germanic tribes to plug gaps than to outfit and maintain
the type of loyal, Roman led army that had protected them for a thousand years.
It started slowly at first, but before long, Rome had outsourced much of their
military capability. The Germanic tribes were fierce fighters, and quickly
learned Roman tactics and adopted elements of Roman culture. Before long, the
balance of power shifted, and the Germanic leaders wielded as much power as the
Emperor himself. In 476, Germanic Chief
Odoacer deposed the
Emperor Romulus
Augustulus and made himself king, effectively bringing an end to the
Western Roman Empire.
Outsourcing to the
tech giants is the equivalent of the Romans outsourcing protection to the
Germanic tribes. It may sound like a convenient idea, but as time passes we'll
regret the decision.
Why does the idea of outsourcing our computing resource to either of these two big tech companies concern me?
- Migrating a massive network like the DoD's to the cloud is like going in the roach motel, once you go in, you don't come out. We'll be stuck, and extracting us in the event we aren't satisfied will be a massive undertaking.
- The corporations are effectively monopolies. They act, look, and operate exactly like the organizations that President Theodore Roosevelt worked so hard to break up for good reason - their concentration of power is not healthy for our nation or our people. This deal provides these monopolies with funding, resources, and power that will make them stronger than many nations in terms of influence.
- Both are worth over a trillion dollars, making them two of the most valuable companies in the world. They don't need to get larger. https://www.wraltechwire.com/2019/07/11/as-tech-stocks-soar-amazon-cracks-1-trillion-in-value-joining-neighbor-microsoft/?
- I deal with Microsoft often, and I compete against Amazon in the cloud. I know what these companies are capable of, and it's not in our interests to trust them. They aren't patriotic and they don't have the nation's best interests at heart. They care about profit and the do what they can get away with regardless of the impact.
- Both have a history of outages (unforced errors). I'm concerned that they won't be able to handle an aggressive attack by a peer competitor with equal technological capabilities. https://www.readitquik.com/articles/cloud-3/top-7-aws-outages-that-wreaked-havoc/
- Both have a history of Tax dodging and meddling in government affairs
Both corporations
are multi-national operations with substantial presence in countries that are
potential enemies, employing foreign nationals in areas of high responsibility
and authority. Who is to say a high level executive with loyalty elsewhere couldn't override
security protocols to access the network? He would already have access to
adjacent resources, and that's over half of the battle for an experienced
hacker.
We know that Amazon
has a cozy relationship with China, and shares cloud technology with them. https://www.wsj.com/articles/amazon-to-sell-its-china-cloud-computing-business-1510628802
By outsourcing our
critical classified networks, we will lose core competencies and skills to
manage secure networks in DoD. The NMCI program to outsource the unclassified
network decimated the technical skill of Marine network specialists. Techs
coming out of the Corps used to have solid experience. Now they think basic
user creation and administration is network engineering. It most definitely is
not. We have already lost substantial technical expertise in our ranks due to
outsourcing.
I'm not opposed to
leveraging civilian expertise on a contract basis, or to outsource some
functionality to American based companies, but to put all our eggs in the safe
keeping of Amazon or Microsoft seems short sighted. Nevertheless, this contract
will be awarded, and time will tell what the resulting effects to our national
security will be. It is my sincere desire that my analysis is not correct.
No comments:
Post a Comment