The Pentagon’s award late last week of its 10-year Joint Enterprise Defense Initiative (JEDI) contract for general purpose cloud computing to Microsoft took center stage on Capitol Hill today at a Senate Armed Services Committee hearing to consider the nomination of Dana Deasy as the Defense Department’s (DoD) CIO.
Deasy has been serving as DoD CIO since May 2018, but thanks to congressional action in the interim to make the position confirmable by Congress, the Senate committee met today to consider his formal nomination to the post.
While senators on both sides of the aisle spent the majority of their time focused on the JEDI contract award, Deasy took the opportunity to list major successes he’s had since assuming the CIO position nearly a year and a half ago.
“We developed the first Cloud Strategy to move the Department towards an enterprise warfighting cloud,” he explained. “We wrote an AI Strategy that outlines five pillars critical to accelerating DoD’s adoption and integration of AI. We stood up the Joint Artificial Intelligence Center as the focal point to accelerate and scale the fielding of AI across the Department”
He continued, “We have developed a comprehensive cybersecurity program that addresses our greatest cyber risks, and creates accountability to ensure that improvements are made. Additionally, we have several IT reform efforts underway, with the goal of finding cost savings that can be leveraged to effectively support the Department’s mission.”
And he emphasized that under his leadership the DoD has “attained … [the] highest-ever score on the Federal IT Acquisition Reform Act (FITARA).”
JEDI Award Under the Microscope
Sen. Jack Reed, D-R.I., the committee’s ranking member, immediately jumped on the JEDI deal, and questioned whether the award to Microsoft took place because of political pressure from President Trump, given the President’s sometimes antagonistic relationship with Jeff Bezos, CEO of Amazon, whose Amazon Web Services unit was also competing for the contract.
But Deasy pushed back on that notion, and explained that the CIO’s team sought out 50 government and civilian cloud experts, divided them into teams, and had them advise DoD on how to award the contract. He said that separate teams had no idea what other teams were working on, and that the identities of team members were kept secret.
He further emphasized, “In my discussions that I’ve had with the Deputy Secretary of Defense and the Secretary of Defense, at no time throughout this process have I ever shared any proprietary source information with them, nor have I ever divulged when we got to the conclusion who the awardee was.”
Sen. Angus King, I-Maine, pressed Deasy in blunt fashion on whether President Trump had pressured former Defense Secretary James Mattis to “screw Amazon” by giving the JEDI contract to Microsoft. Deasy once again said that the contract was “not influenced” by outside forces, “including the White House.” King then referred back to the expert groups that Deasy discussed with Reed and queried, “The final decision by those panels was to award the contract to Microsoft?,” to which Deasy responded, “Yes, it was.”
JEDI’s Impact on DoD
Further along the line of JEDI contract questioning, Sen. Mazie Hirono, D-Hawaii, asked Deasy about possible vulnerabilities or other issues with having a single provider house all classification levels of data. In response, Deasy stressed that DoD has consulted with the intelligence community on the matter and is implementing extensive cybersecurity safeguards – including penetration testing – to ensure the security of classified data.
Sen. Mike Rounds, R-S.D., asked Deasy about implementation and prioritization of cloud at DoD, rather than JEDI contract particulars. “Cloud is the foundation of which everything else rides on top of,” Deasy responded. “If we don’t get a right enterprise cloud in place our ability to do advanced machine learning, artificial intelligence, next-generation command and control communications, and secure the Department in a different way will be very challenging.”
Sen. Rounds also asked Deasy about the current cloud environment at DoD. “We are not short on the number of clouds and the types of clouds we have,” Deasy replied, and explained that the agency’s current cloud environment is full of systems that were built in a disparate and siloed manner over the last few years. That scattering of cloud infrastructure, he said, can crimp the success of warfighters in the field.
Deasy said the current environment “screamed out at him” that DoD was doing the right thing to bring in a larger cloud provider.
Securing DoD From Careless Contractors
On the non-cloud front, Sen. Joe Manchin, D-W.V. – a member of the Armed Services Committee’s cybersecurity subcommittee – asked Deasy what he was doing to ensure that Federal contractors working for DoD are keeping information secure to prevent cyber espionage. Specifically, he discussed the Senate’s desire to establish harsh financial penalties for contractors who aren’t undertaking adequate security measures.
Deasy said he hasn’t spent much time looking at the potential for fines, but did say, “We need to have changes, we need to make an intervention here.”
The CIO said concerns about data breaches don’t lie with tier-one defense contractors, but rather with contractors lower down on the supply chain. “We have to move away from the self-assessment approach that our suppliers are doing today, and instead have to move to an independent assessment approach,” he said.
Sen. Manchin asked if there was support for that course and if it would happen in the near term, and Deasy confirmed that there is work ongoing to move to an independent assessment approach. The senator asked for further information on whether DoD is planning to hold tier-one suppliers accountable for the actions of their downstream suppliers, and Deasy said he would get an answer back to Sen. Manchin shortly.
At the conclusion of the hearing, Sen. Reed called Deasy, as well as the two other nominees at today’s hearing – Lisa Hershman as chief management officer, and Robert Sander as general counsel of the Navy – “the right people for the job.”
Based on comments from committee members today, it appears that the nominations will receive the endorsement of the committee and move on to consideration by the full Senate.