Oracle vs. Pentagon & Amazon: JEDI Trial Starts

WASHINGTON: This morning, Federal Claims Court judge Eric Bruggink heard oral arguments in a case that’s come under intense scrutiny from Congress — and which will shape Defense Department networks from the Pentagon to the foxhole.

Yes, the immediate legal battle is Oracle’s lawsuit, which claims the Defense Department unfairly shortcut competition for its 10-year, $10 billion JEDI contract. The Pentagon’s plan is to hire a single contractor — Amazon Web Services is heavily favored, while Oracle’s bid was already rejected — to consolidate many, but not all, of the department’s 500-plus cloud-computing contracts into a single Joint Enterprise Defense Infrastructure.

But despite the studiously bland name and geekily contrived acronym, JEDI isn’t just back-office IT. The Pentagon plans for JEDI servers not just in the US, but in warzones abroad, on ships and Humvees, and even in frontline foot troops’ backpacks. It will be the digital backbone for how the US military plans to wage a new kind of multi-domain conflict, in which sharing vast amounts of intelligence data is key to victory in both cyberspace and the physical world.

Both sides acknowledge the stakes are bigger than just proper contracting procedures. “Information technology must now be viewed as a weapons system,” Oracle executive vice president Kenneth Glueck wrote in an op-ed this morning. “JEDI’s flaws start by choosing convenience over capability” — that is, by de facto defaulting to Amazon Web Services, whose prominent position in the Intelligence Community and elsewhere makes it the easy button for the Pentagon, when it would arguably be better to have different clouds tailored to different functions. “JEDI, as structured, will harm our military readiness because there is no one solution for cloud IT any more than there is one single platform for air superiority,” he argued.

But the Defense Department already has too many cloud contracts, and even at its most expansive, JEDI will only replace some of them, the Pentagon insists, so splitting JEDI up among multiple vendors defeats the point. And if the judge rejects the single-vendor approach and requires a more cumbersome multi-cloud contract, or even if he just restarts JEDI to give Oracle a second chance, this argument continues, it will cost the US military time it can’t afford.

“Delaying implementation of JEDI cloud will negatively impact our efforts to plan, fight, and win,” argued the three-star chief information officer for the Joint Staff, Lt. Gen. Bradford Shwedo, in a June court filing defending the single-vendor plan. “Our current compartmentalized management of data is untenable to assist our warfighters at the speed of relevance.”

“If you’re looking at cloud at scale” — that is, a single comprehensive cloud rather than lots of fragmented ones — “it’s going to be a cradle for big data and artificial intelligence,” which require vast volumes of information, said Harry Wingo, a Navy SEAL turned cybersecurity professor at the National Defense University. (NDU is run by the Pentagon but Wingo emphasized he speaks only for himself, not for any agency). “So how far back are we set on actually being able to get something to the warfighter? Are we talking months? Are we talking longer?”

“We don’t have time,” Wingo told me. “We don’t have time.” With cyber espionage, social media disinformation, and other gray zone maneuvers happening all the time, he said, we don’t just need the JEDI cloud for some hypothetical future conflict: We need it now.

“We’re in a shadow war,” Wingo said. “This is a warfighting platform — and our competitors don’t have to go through the same hoops that we have to. We have to get about this with the appropriate urgency.”

Hurry Up & Wait

Ironically, the Pentagon’s very efforts to speed up JEDI may have led to delays. Instead of emerging from the conventional, cumbersome, but painstakingly even-handed acquisition process, JEDI began as the brainchild of the Defense Digital Service, whose then-director Chris Lynch loved naming projects after Star Wars.

DDS is a handpicked geek elite who spend a few months or years in the Pentagon, infusing outside innovation and shocking the system, before going back to the private sector. But breaking down the traditional, rigid barriers between government bureaucracy and Silicon Valley came with a price: One DDS employee who advocated strongly for a single-vendor approach to JEDI, Deap Ubhi, had worked for Amazon before his Pentagon tour and went back there after.

An internal Pentagon investigation clear Ubhi and several other officials of undue interference in the JEDI decision. The independent Government Accountability Office agreed, saying the Defense Department had legitimate reasons for preferring a single vendor, and denied Oracle’s protest last November.

But then new evidence emerged that Ubhi might have not recused himself properly after all, putting the court case on hold while the Pentagon re-investigated. While that second internal probe still found no conflict of interest, the department’s semi-independent Inspector General continues to investigate — reportedly with some assistance from the FBI. The revelations undermined confidence in JEDI and gave Oracle ammunition when it argued the competition had been rigged in favor of Amazon Web Services.

“No matter, what the optics are bad,” one industry expert told me. “The fix has been in for AWS the whole time, and you’ve got one of the key players signing up to work with AWS before the assessment period was finished.”

Johnson – 2019-06-24 RHJ to DOD Re OIG Investigation – JEDI by BreakingDefense on Scribd

No less a legislator than the chairman of the Homeland Security & Governmental Affairs Committee, Sen. Roy Johnson, raised the conflict of interest issue in a June 24th letter to the Acting Secretary of Defense, Mark Esper. “Apparently, at least two DoD employees who played a role in the JEDI procurement process had connections to a company bidding on the contract,” Johnson wrote. “Given the significant amount of taxpayer dollars… I respectfully request DOD to delay awarding this contact to any company until DoD OIG [Office of the Inspector General] completes its investigation.”

Meanwhile, a prominent JEDI critic on the House Appropriations Committee, Rep. Steve Womack, wrote to President Trump himself. “Oracle and IBM were recently eliminated from consideration based on what I believe to be arbitrary reasons to limit competition,” Womack wrote. “Without competition a vendor will not have any reason to include the latest, most capable, and most secure technology.” The congressman had already gotten language into the House draft of annual defense funding bill that requires the Pentagon to explain how it would ultimately move to a multi-cloud approach before it can spend any money on a single JEDI cloud.

Womack Letter to President … by on Scribd

Now, Oracle is not advocating multiple vendors out of pure public-interested altruism. While the company has long held a powerful position in both government and business databases — indeed, it’s been repeatedly accused of locking customers in and then jacking up their fees — it’s widely considered a latecomer to large-scale cloud computing, still playing catch-up to the three top tier providers.

“The three big, general-purpose clouds are Amazon, [Microsoft] Azure and Google,” Pentagon chief data officer Michael Conlin said bluntly back in January. “Market share creates revenue, revenue creates R&D, R&D creates new services, and the pace of innovation in the big three is substantially above the pace of innovation in all of the others.”

(While Google declined to bid on JEDI, Microsoft’s Azure is still in the running alongside Amazon).

“Oracle is not in the same class as Microsoft and AWS when it comes to providing commercial … cloud services on a broad scale,” government lawyers wrote in a recent brief to the court. “Even if Oracle were reinstated into the competition, its chances of being awarded the JEDI contract would be slim.”

So if the Pentagon goes with a single vendor for JEDI, the odds are against it being Oracle. If it’s force to go with multiple vendors, however, the odds are good Oracle can win a place.

Amazon, of course, is plenty self-interested as well. It has led the way on large-scale cloud computing, both for business and for government, and it is completely confident that it can handle something as big and complicated as JEDI on its own. It has no incentive to share the labor or the reward with any other vendor.

“There’s a lot of good of stuff about AWS, but why go to a sole source solution? Walking into a monopoly — that’s not smart,” our industry source said.

What about the argument that a single vendor is the only way to simplify the Pentagon’s struggles to manage its current myriad of competing clouds? “This idea that we have to have a single provider — bullshit!,” the industry source said. “Get off your ass and figure out how to handle a couple of providers, unless you’re too inept to do it any other way.”

But that’s the kind of technical judgment on which federal judges, like the GAO, generally defer to the executive branch. If the Pentagon’s own experts say a multi-vendor approach is too hard, most judges would be reluctant to overrule them.

Even if JEDI goes ahead with a single vendor, moreover, the Department of Defense will have multiple clouds run by multiple contractors. True, the official Pentagon cloud strategy defines JEDI as the “general purpose cloud” which most Defense Department organizations should default to in the future, rather than making their own contract. But that same strategy also envisions a whole array of “Fit For Purpose” clouds — most prominently, the Defense Information Systems Agency’s MilCloud 2.0 — for functions that just don’t fit well with the general-issue JEDI.

In fact, there’s at least one ongoing cloud competition that’s nearly as large as JEDI — with the potential to grow bigger: the $8 billion Defense Enterprise Office Solution (DEOS). That kind of office/business software is something Oracle is historically very good at.

So while the stakes in the JEDI case are high, whichever way Judge Bruggink rules, the battle to build the Pentagon’s clouds is far from over.