Pentagon puts $10B cloud computing contract on hold after Trump swipe at Amazon

Politico ^ | 08/01/2019 | By JACQUELINE FELDSCHER

[SeekAndFind]

The Pentagon is slamming the brakes on its mega-competition to award a $10 billion cloud computing contract after President Donald Trump suggested the Defense Department might have rigged the contest in favor of Amazon, a frequent target of his criticism.

Defense Secretary Mark Esper, who assumed his post July 23, is now reviewing accusations of unfairness in the fiercely fought competition, the Pentagon announced Thursday, marking the president's latest incursion into the arcane world of Defense Department contracting. Oracle has reportedly waged an aggressive lobbying campaign to push back on the competition, now pitting Amazon against Microsoft, including talking with members of Congress and preparing a graphic that made its way to the president's desk.

"Secretary Esper is committed to ensuring our warfighters have the best capabilities, including Artificial Intelligence, to remain the most lethal force in the world, while safeguarding taxpayer dollars," Elissa Smith, a Pentagon spokesperson, said in a statement Thursday. "Keeping his promise to Members of Congress and the American public, Secretary Esper is looking at the Joint Enterprise Defense Infrastructure (JEDI) program. No decision will be made on the program until he has completed his examination."

The latest scrape once again pits Trump against Amazon, whose founder and CEO Jeff Bezos also owns The Washington Post and has become a growing powerbroker in the D.C. region.

The review is expected to delay the award of the Joint Enterprise Defense Infrastructure, or JEDI, contract, which the Pentagon had hoped to award in August. JEDI would give the Pentagon a single, secure cloud computing system for data ranging from personnel statistics to intelligence information, instead of the more than 500 clouds used by different parts of the military today.

[Responsibility2nd]

Winning.

(Never gets old, does it?)

[Zhang Fei]

Capital One just had a massive data breach involving 100m customer records. Its cloud provider? Amazon Web Services. The perp? A former Amazon Web Services employee.

[taxcontrol]

I work in cyber security and when I tell people that cloud means someone else owns the server and the data center, I get a lot of confused looks. Cloud is inherently less secure than owning your own server and data center because, you have less control over the access.

Can the solution be designed to accommodate that reduced control, yes. In fact, the design has to work even if you have little to no control over the hardware. Thus there is a greater need for monitoring, testing and protection services.

[DarthVader]

I think using cloud is a very bad idea.

[ConservativeMind]

Well, when an internal Amazon administrator for AWS is responsible for the Capital One breach, there SHOULD be a concern.

To be fair, the AWS S3 admin took advantage of apparent router misconfigurations that others could have, as well, but it’s very suspicious he(“she”) was the sole one to do this.

[RushIsMyTeddyBear]

And a trannie.

[RayChuang88]

That was a very likely reason why DoD stopped its award to AWS.

[gibsonguy]

I think using cloud is a very bad idea.”

I agree the military using cloud based storage is a very bad idea.

[Sergio]

Pentagon weenie: Yeah, let’s put it ALL on the cloud. What could go wrong?

[ProtectOurFreedom]

I think using cloud is a very bad idea.

Probably three or four dozen merchants and services you use every day run in the cloud.

[ProtectOurFreedom]

Read to the last line of the excerpt: "...more than 500 clouds used by different parts of the military today."

It all moved to cloud storage a long time ago. Might have been a blend of private cloud and public cloud.

[adorno]

Cloud is inherently less secure than owning your own server and data center because, you have less control over the access.

Even if not 'on the cloud', you can be hacked. If your computer or server connects at all to the internet or other computers, your data is at risk. That was the case before "the cloud" became popular and highly used, and it's still the case now, except that with "the cloud", your data is at higher risk.

[Justa]

“Well, when an internal Amazon administrator for AWS is responsible for the Capital One breach, there SHOULD be a concern.”

Worse. It was an Ex-Amazon AWS admin who breached an AWS customer’s security. Indicates very poor Systems architecture, management and security practices. Disabling all Admin accounts and resetting externally accessible administrative accounts is a 0-day activity when someone leaves a contract.

Even if C1’s data was downloaded when ‘it’ was still employed at AWS it means personal, external storage devices are permitted on the AWS management network. Bad, bad, bad.

[WashingtonSource]

The perp is also a transgender woman — or a man who claims to be a woman.

[salmon76]

It’s a Pollutico article. My guess is that the decision did not have ANYTHING to do with Trump’s tweet, but put on hold for another reason.

[scottinoc]

Nope, it doesn’t, especially now that the obligatory appointments are mostly gone, and we have people in office who Trump truly approves of, and who truly love America. The winning only gets sweeter, and if God wills, it will be sweeter still if God has mercy on America one more time in November 2020.

[Revel]

Yup. None of the above. No cloud.

[grateful]

The ex-employee had been gone from Amazon for 3 years before the hack and no longer had an account/access to AWS systems. The exploit was through Capital One's firewall, their fault for misconfiguring it. External storage devices are not allowed on the AWS management network.

That said, the best way to keep your data secure is in your own network, IF you have the right people to secure it. I've worked as a contractor for the government. The government employees I encountered were not the right people to secure government networks. That might be different elsewhere, but not where I was.

[SuperLuminal]

Awsomeness Alert!