Introduction

The Department of Defense (DOD) is endeavoring to catch up to commercial best practices by accelerating its transition to enterprise cloud computing. Cloud computing carries multiple benefits for the DOD including lower costs, better security, and increased speed and access. In order to make this transition, the DOD has released a solicitation for companies to submit proposals for enterprise cloud computing services under a program named Joint Enterprise Defense Infrastructure (JEDI). The DOD hopes to make an award in August. Citing the complexity of this initial effort as justification, the department has chosen to structure the contract award as single-source, meaning that after the competition is complete, it intends to award the contract to a single vendor.

Several companies, concerned about not winning this potentially lucrative contract, have challenged this approach, protesting to the Government Accountability Office (GAO), mounting court cases, and appealing to Members of Congress—and even to President Donald Trump—in an effort to force the Pentagon to change its contracting strategy. To date, the GAO and the courts have rejected these arguments. The Pentagon’s plan to make only one award, sometimes referred to as “winner-take-all,” is legal, justifiable, and appropriate. Congress and the Trump Administration should cease efforts that delay this valuable effort—and instead work to support the Pentagon in this endeavor. Further delay jeopardizes the Pentagon’s transition to 21st-century best-computing practices.

Background

Due to the wide array of domains in which modern warfare is fought—land, sea, air, space, and cyberspace—it is extremely important that warfighters have access to any and all information with which they may better succeed. The Pentagon is overdue in overhauling its current information infrastructure and replacing it with the safer, faster, and more centralized cloud computing architecture.

According to the National Institute of Standards and Technology, cloud computing is “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”REF Cloud computing is a part of almost everyone’s life; anyone who uploads a picture to Facebook or uses Gmail is using cloud computing. Cloud computing is mainstream; 90 percent of organizations today use some sort of cloud computing.REF

Unfortunately, the Department of Defense is behind in cloud computing. The Pentagon describes its current computing environment as having “multiple, disjointed and stove-piped information systems” composed of over 500 separate computing clouds.REF The plethora of clouds and data centers has created balkanization within the department. According to the Pentagon, the vast number of servers creates “numerous seams, incongruent baselines and additional layers of complexity for managing data and services at an enterprise level.” This dispersion of data impedes warfighters through the lack of ability to analyze and interpret data on an enterprise scale. Consolidating cloud services would provide centralization to the department, thereby expanding the effectiveness of warfighters.

Announcing the push to move to enterprise cloud computing in November 2017, then–Deputy Secretary of Defense Patrick Shanahan laid out the Pentagon’s vision for an accelerated effort to acquire a modern enterprise cloud computing services solution capable of classified processing. According to the Deputy Secretary, the adoption and implementation of such a system is “critical to maintaining our military’s technological advantage.”REF

In addition to its advantages on the battlefield, this envisioned cloud would greatly support the 2018 National Defense Strategy’s goal to “reform the Department for greater performance and affordability.” The JEDI program would advance DOD business performance by creating a highly elastic and secure computing environment.REF

Because of the scope of such a project and its value to industry, the JEDI system has, according to the Congressional Research Service, been the subject of “significant industry and congressional attention.”REF

The JEDI Contract

After considerable research and industry outreach, the DOD released the formal Request for Proposal (RFP) for JEDI on July 27, 2018, outlining its requirements for the desired services and specifications of performance.REF The DOD chose to use an indefinite delivery/indefinite quantity (ID/IQ) contract mechanism, signifying that it will require an undefined amount of services over a fixed period of time. It is the appropriate contracting mechanism for cloud computing services.

Under acquisition regulations governing ID/IQ contracts, contracting officers are encouraged to the “maximum extent practical, give preference to making multiple awards.” However, exceptions are permissible, for reasons that include the scope and complexity of the requirement.REF Significantly, the JEDI RFP stated that DOD intended, after the competition among bids had taken place, to award a contract to a single vendor.

In the case of JEDI, the DOD viewed the program as extremely complex, warranting the use of a single-award strategy, and on that basis waived the Federal Acquisition Regulation (FAR) requirement that ID/IQ contracts have multiple awards. The FAR also requires that ID/IQ contracts going to a single vendor are awarded only on a firm fixed-price basis. The Under Secretary of Defense for Acquisition and Sustainment, the Honorable Ellen Lord, subsequently approved the required waiver, both justifying the single-award strategy based on the complexity of the requirement and verifying that only firm fixed-price task orders will be used.REF

The Pentagon’s Chief Information Officer, Dana Deasy, the former Chief Information Officer for JP Morgan Chase, has explained why the DOD is utilizing a single-award contract. Deasy states that awarding a single contract was “in the Pentagon’s best interest and would give it a better chance of success to build a cloud system capable of serving the entire department.” Deasy added, “[W]e’ve never built an enterprise cloud, so starting with a number of firms while at the same time trying to build out an enterprise capability just simply did not make sense.”REF

In this case, the Pentagon’s reasoning is sound. At its earliest stage, the Pentagon should focus on successfully transitioning to one vendor’s enterprise cloud service. Transitioning to a cloud computing environment is already difficult without the added need to transition to multiple clouds. Applications must be adapted to the new environment, security responsibilities transitioned, and new pricing models developed. Dealing with multiple cloud computing environments would unnecessarily complicate the DOD’s early transition. Major corporations, including Fortune Top Five companies, have not endeavored to make use of multiple-enterprise cloud domains, especially early in their transitions.REF

Industry Push-Back

Several commercial firms, however, have expressed vocal disagreement with the Pentagon’s single-award strategy. There are only a few U.S. companies with the capability to provide these enterprise cloud services at scale. They include Amazon Web Services (AWS), IBM, Microsoft, Oracle, and Google. Both Oracle and IBM filed protests with the GAO. These firms alleged that the single-award strategy is illegal and would lock out others from competing for an extended period of time. They argued the Pentagon should pursue a multiple-award strategy. These protests were either dismissed or denied.

Oracle also filed a court case alleging that the acquisition process was unfairly skewed toward AWS. Oracle alleged that certain individuals in the DOD exerted illegal influence on the process. On July 12, 2019, the U.S. Court of Federal Claims ruled against Oracle.REF

Congressional and Administration Involvement

Congress has taken an active interest in the JEDI contract, in some cases prompted by active industry outreach. In the 2019 National Defense Authorization Act (NDAA), Congress required the Pentagon to submit a report on the DOD’s cloud adoption activities and limited its expenditure of funds to 15 percent until the report was submitted. In response, the requested report was submitted. The law also required the Pentagon to ensure the Federal Acquisition Regulations were followed. The 2019 defense appropriations bill prevented the expenditure of any JEDI funding until various additional cloud computing reports were submitted.

Congressional interest continues in the bills for fiscal year (FY) 2020. The Senate version of the NDAA requires the DOD to develop and issue policy and instructions concerning the migration to the cloud. The House Appropriations Committee’s version of the 2020 defense appropriations bill, if adopted, would prohibit the use of funds for JEDI until the Pentagon submits a report describing how it will transition to a “multi-cloud, multi-vendor” cloud environment.REF

At this point, congressional intervention in the JEDI solicitation is unhelpful and has distinctly slowed progress. The Pentagon, in its cloud computing strategy, states that in the future the DOD cloud computing environment will consist of multiple vendors.REF But at this initial stage of transition to enterprise cloud computing, to reduce complexity and accelerate efforts, it is appropriate for the DOD to seek a single, competitively awarded enterprise cloud services provider.

By virtue of their investments and experience, in 2019, some cloud computing companies are better situated to compete for this contract than others. Normal market forces should be allowed to operate freely in order to get the Pentagon what it needs in the manner it needs it—as opposed to Congress intervening to interfere with the marketplace. Companies that do not win the JEDI contract will have the opportunity to compete for future JEDI contracts, as well as other DOD cloud computing requirements.

Finally, President Trump, on July 18, 2019, after noting he had been contacted by Microsoft, IBM, and Oracle, as well as several Congressmen, signaled that he would ask someone to “look into” the JEDI contract controversy.REF

The President and the White House should also not intervene in the JEDI contract. The program is necessary and has been appropriately structured. Despite the fact there will be a single winner and multiple losers, the competition has been constructed fairly and appropriately.

Summary

The JEDI effort is well conceived and structured. The process is set up to deliver a competitively awarded cloud computing environment with a single vendor, which is appropriate given the level of complexity involved in transitioning to the cloud—and the DOD’s stage in the transition process. The Pentagon has said it hopes to award a contract by the end of August 2019. The DOD itself has stated it will initiate other enterprise cloud computing efforts and use additional vendors in the future. The court and the GAO have both found the JEDI contract process and program sound.

Recommendations

The DOD’s entrance into enterprise cloud computing is overdue. The JEDI contract will be a trailblazer, pulling the Pentagon into 21st-century computing. It has already been delayed based on objections from industry and Congress. Further delay frustrates efforts to incorporate this best practice into America’s military.

Congress should:

• Allow the JEDI contract to proceed unhindered, with appropriate oversight, but not interference, and
• Reject efforts to include language prohibiting the DOD from spending money on JEDI in the FY 2020 defense appropriations bill.

The White House and the President should:

• Deny requests to interfere with the JEDI contract award process.

The Department of Defense should:

• Award the JEDI contract at the earliest possible time, and
• Keep Congress updated on the status of migration to enterprise cloud services.

Congress must resist efforts by industry to intervene in a contract that has been appropriately constructed and competed fairly. Working together, the Pentagon, Congress, and the Administration can make the JEDI program a success and a model for other agencies to follow.

Thomas W. Spoehr is Director of the Center for National Defense in the Kathryn and Shelby Cullom Davis Institute for National Security and Foreign Policy at The Heritage Foundation. While in uniform and assigned to the Pentagon, Lieutenant General Spoehr helped lead the Army’s transition to cloud computing. Emma Watkins is Research Assistant for the Center for National Defense.