DOD CIO reassures Congress: No JEDI pressure
At his Senate confirmation hearing, Defense Department CIO Dana Deasy said the department's $10 billion cloud contract was awarded by a team of experts and was not influenced by the White House or other outside forces.
NOTE: This first appeared on FCW.com.
Senators didn’t waste time getting answers on whether the White House tampered with the Defense Department’s $10 billion cloud procurement during an Oct. 29 Senate Armed Services Committee hearing.
Ranking Member Sen. Sen. Jack Reed (D-R.I.) told Deasy, who must be confirmed for the position he already holds due to a change in the status of the CIO post, that the "importance of the JEDI contract means it needs to be beyond any type of political engagement; it has to be done right down the middle."
DOD announced it awarded Microsoft the 10-year, $10 billion JEDI contract on Oct. 25. Amazon Web Services was seen as a likely frontrunner for the award; there's no indication yet if they plan to seek redress, but many experts say a protest is likely.
After releasing the JEDI solicitation, Deasy said DOD "went out and found approximately 50 government, civilian servants that were experts in cloud computing and we compartmentalized them. And we segregated them into teams. At no time did one team have access to what the other team was working on."
That segregation and double-blind approach safeguarded the team's integrity as well as the ultimate outcome, Deasy indicated.
“Sir, I can tell you that the way we organized the team kept the anonymity of the team, the compartmentalization of the team, that I feel very confident that at no time were team members that actually took the source selection, were influenced with any external, including the White House,” Deasy said.
Deasy was responding to a to a question from Sen. Angus King (I-Maine) who asked the CIO for "categorical insurance" on the matter.
Deasy also explained how the team members had the final say on JEDI, while the defense secretary and deputy secretary were simply informed.
"They actually make the final decision and then they bring that decision to me," Deasy testified. “I have a chance to ask them questions about it. And then all I do is take that final acquisition decision and inform the deputy and inform the secretary of the decision taken."
Senators also questioned the security of JEDI -- a frequent criticism of the platform that will host a mixture of classified and unclassified information.
Deasy said moving data to the tactical edge for warfighter use and access was a critical need.
"One of the uniquenesses of this environment that we've created is what’s called multi-domain data classes," which segregates the data based on classification level "in a way that allows the warfighter to access what they need...in an integrated operable manner."
Deasy also said DOD had technical guidance from the intelligence community to "help architect in our [request for proposal] how we expected our suppliers to ensure that our various classifications of data were secured, segregated and protected."
DOD will continue to build on that relationship following JEDI’s award and have the National Security Agency complete penetration testing of each classification level, the CIO said.
Additionally, Deasy said in written response to policy questions that DOD is developing implementation guidance for DOD components so they can use the tools and data provided by cloud service providers.
"The DOD CIO is reviewing and updating department policy and implementation guidance related to cloud computing," Deasy wrote. "We will use this review to set new standards ensuring the appropriate discovery of data and update procedures for ensuring systems and data are secure in the cloud."