The CIA is ready to update its cloud technology, and several reports this week showed that the agency has started a multi-billion dollar procurement process. A CIA spokesman was tense when asked to confirm.
This could be because an agency that is accustomed to working in secret simply wants to avoid the attention that the Pentagon's JEDI cloud procurement process has drawn and quietly dedicate itself to its work. If you're dealing with major cloud providers like Amazon, Microsoft, IBM and Oracle and the contract is worth billions of euros, fireworks will usually follow.
We know that the CIA's plan is part of a process called Commercial Cloud Enterprise (C2E). In a presentation by the Directorate for Digital Innovation, a department of the CIA, in March 2019 (pdf), the department presented its vision for C2E. It would be broad and would include infrastructure, platform and software cloud services that support a wide range of users with a variety of security releases and a global presence. The price tag: "tens of billions."
The procurement process would run in two phases. In the first phase, they pursued several providers to provide “basic cloud services”. In phase 2, the department distributed platform and software services on this phase 1 basis.
“The primary goal of the C2E program is to purchase cloud computing services directly from commercial cloud service providers that are proven to be innovative to a large customer base and have outstanding operational performance in delivering cloud services,” said the department in the presentation.
It's worth noting that it's been almost a year since this presentation and things have changed. In fact, the Bloomberg government reported this week that the RFP has discontinued the platform and software services component. According to Nextgov, the draft RFP was released this week, with a final call for proposals in the spring and a decision in September.
The intelligence community also outlined its broader cloud strategy for the foreseeable future in a document (pdf) published in June last year by the director of the National Intelligence Service (DNI) entitled "The Strategic Plan to Advance Cloud Computing in Intelligence Community "outlines a plan for a future of US telecommunications in the cloud and concludes that when data is exploded, a future in the cloud is essential to manage all of this:
The amount and speed of information is exploding, challenging our ability to quickly collect, analyze, and draw conclusions from different data sets. Additional workers do not close the gap. We have to use cutting edge technology. The future IC cloud environment presented here will effectively act as a force multiplier to improve our effectiveness and address the challenges of the mission.
The CIA was an early supporter of the cloud when it decided to build Amazon's $ 600 million private cloud in 2013. That was a big win for Amazon at that time and the broader transition to cloud services because it wasn't as mainstream back then as it is today. In an article from 2014, the Atlantic called it a “radical departure from the community of risk-averse secret services”.
Cloud technology has certainly evolved in the seven years that the CIA last conducted this exercise, and it makes sense to update such an old system that is a really old story from a technical point of view. The CIA likely sees the same cloud value proposition as the private sector in terms of flexibility, agility, and resource elasticity, and wants intelligence agencies to take the same advantage from this approach. It will certainly help to store, process and understand more and more data and to use machine learning.
We now know everything about the Pentagon's JEDI cloud contract sourcing history. In a two-year period after the Pentagon chose the cute Star Wars-influenced name for the $ 10 billion project, procurement was a dramatic all-rounder. Even now, months after Microsoft was declared the winner, Amazon protested the decision and questioned this award.
This is not the way technology technology is publicly procured. It is largely outside the public spotlight, which is covered by the state trade press, but is largely ignored by mainstream journals. Perhaps this explains why the CIA, which needs a cloud update, has decided to make its plans a little more discreet.