DoD faces new series of legislative provisions showing misgivings about JEDI contract

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

Two influential Congressional committees weighed in this week with separate legislative provisions that aim to influence the Defense Department’s adoption of cloud computing. Among them are making cloud service spending more transparent, and conducting what lawmakers believe are necessary “enabling” steps before diving into the world of commercial cloud.

The provisions – one each in the House’s annual Defense appropriations bill and the Senate’s Defense policy bill – were the latest sign that some lawmakers are uncomfortable with DoD’s current approach to its upcoming JEDI contract. That is despite any shared enthusiasm for Pentagon officials’ adoption of cloud technologies.

The Senate bill, approved by the chamber’s armed services committee last month by a vote of 25-2 and released publicly this week, includes language requiring DoD to lay more technological groundwork within its own networks. The agency is preparing to transition key IT systems from government-operated infrastructure to off-site cloud hosts.

Senators expressed concern that DoD’s Cloud Executive Steering Group, the body that’s leading the JEDI procurement, has been so preoccopied with planning the contract itself that it’s neglected the “enabling activities” and “preconditions” the department will need to address if it’s going to successfully support its IT systems once they’re in the cloud.

“The committee emphasizes the importance … of modernizing networks by adopting advanced commercial capabilities,” lawmakers wrote in a report accompanying the bill. “Network modernization is essential for cybersecurity, supporting service-level agreements for cloud services, ensuring efficient cloud access, and consolidating networks.”

Specifically, the legislation would demand that DoD draw up a plan to “rapidly acquire advanced commercial network capabilities, including software-defined networking, on-demand bandwidth and aggregated cloud access gateways, through commercial service providers.”

The plan would have to be delivered to Congress within three months of the bill’s enactment, assuming the Senate language survives the final House negotiation process.

The Senate report also suggests that lawmakers believe department officials have underestimated the difficulty of the task of migrating its legacy systems to modern, commercially-provided cloud environments. The bill would order the department to conduct a separate analysis of all the applications it hopes to eventually move to JEDI, along with the level of effort involved in rationalizing and modifying those applications so that they can be supported in the cloud.

“Workload and migration analysis are critical to understanding feasibility and costs associated with the use of commercial cloud services,” the committee wrote. “Workload analysis will reveal that some workloads performed by the DOD’s systems and applications face significant barriers to migration due to technical, intellectual property, and data rights issues whose scope and implications are not yet understood.”

The Senate bill would also crack down on further spending on applications and systems that aren’t cloud-ready. It would bar approvals for any new systems – or modernization work on existing ones – unless DoD can certify that those systems “can or would be cloud-hosted.”

Finally, as part of DoD’s upcoming JEDI procurement, the SASC version of the NDAA would demand that the department abide by provisions of the Federal Acquisition Regulation (FAR) which insist that the government award its indefinite-delivery/indefinite quantity contracts to multiple vendors whenever possible.

In a report to Congress last month, Defense officials said they would publish a formal justification for their decision to award the JEDI contract to only one company, but the department has not done so thus far.

Meanwhile, the House Appropriations Committee – the same panel which demanded the report DoD produced last month – insisted on more transparency from the department.

Its version of the Defense appropriations bill, also released this week, would restrict DoD from moving any applications or data to JEDI until it supplies another detailed report explaining how the new single-award contract fits in with the rest of the department’s cloud activities.

The moratorium would stay in place from whenever the appropriations bill is enacted until 90 days after the Pentagon supplies Congress with more details on its overall cloud spending.

Specifically, it would demand that the department deliver a plan to set up a new budgeting system that accounts for all the funds the military services and Defense agencies will use to migrate their data and systems to any cloud environment, including JEDI.

And, it would require a more detailed strategy from DoD to implement enterprise-wide cloud computing programs like JEDI and the forthcoming Defense Enterprise Office Solutions contract.

The framework would have to include “the strategy to sustain competition and innovation throughout the period of performance of each contract, including defining opportunities for multiple cloud service providers and insertion of new technologies” along with “an assessment of potential threats and security vulnerabilities of the proposed cloud computing strategy, and plans to mitigate such risks.”