Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?

Uploaded on 2018-05-24 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) cloud will be designed to host the government’s most sensitive classified data, including critical nuclear weapon design information and other nuclear secrets.

The Pentagon is expected to bid out the controversial JEDI cloud contract soon and new contracting documents indicate the winning company must be able to obtain the full range of top secret government security clearances, including Department of Energy “Q” and “L” clearances necessary to view restricted nuclear data.

In response to questions from Nextgov, Defense Department spokeswoman Heather Babb confirmed “JEDI cloud services will be offered at all classification levels.” Babb said military and defense customers “will determine which applications and data migrate to the cloud.”

Amazon Web Services, considered a front-runner to win the JEDI contract, is already able to host some Defense Department classified data in a $600 million cloud it developed several years ago for the CIA. JEDI, however, represents a massive jump in size and scale. The contract could be worth as much as $10 billion over 10 years, with Defense officials describing it as a “global fabric” available to warfighters in almost any environment, from F-35s to war zones. 

Because government customers could use the cloud for almost anything, it must be built to host almost everything, explianed Steven Aftergood, head of the Federation of American Scientists' Project on Government Secrecy.

“It sounds to me like the government is covering all their bases,” Aftergood said. “Everything we’ve got might be part of this system, therefore you need to be potentially cleared for everything. And ‘everything’ includes information on weapons systems, operations, intelligence and nuclear weapons.”

Aftergood said the Defense Department’s requirement for individual “Q” clearances for personnel at the contractor that wins JEDI suggests the cloud may be able to “host information pertaining to nuclear weapons or classified information pertaining to the deployment and utilisation of nuclear weapons.”

Q clearances originated in the Atomic Energy Act of 1946. They are typically granted to contractors or scientists involved in the management or maintenance of the nuclear weapons complex and national laboratories. 

Q clearances would be a rarity among employees at the tech companies bidding on JEDI, though Aftergood said investigative requirements can be shortened through “reciprocity” arrangements if contracted personnel have attained similar clearances. Amazon, Google, Microsoft, IBM, Oracle and General Dynamics have indicated interest in JEDI.

The Pentagon has said it plans to award the JEDI contract in September and to begin migrating Pentagon systems early next year. Bloomberg, however, has reported that several companies have vowed to protest the contract and potentially take the Pentagon to court over its decision to award JEDI to a single cloud provider.

NextGov

You Might Also Read: 

Google Chairman Unaware Of Pentagon AI Project:

Amazon’s Data Centers Are Located in US Spy Country:

 

« Barclays Bank Want To Stop Cybercrime
An Iranian Hacker Confesses »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

Computer & Communications Industry Association (CCIA)

Computer & Communications Industry Association (CCIA)

CCIA supports efforts to facilitate and streamline information sharing on cyber threats between the private sector and the Federal Government.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Department of Homeland Security (DHS) - USA

Department of Homeland Security (DHS) - USA

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

SecurEyes

SecurEyes

SecurEyes is a leading cybersecurity firm that provides specialised services, including cybersecurity assessments, managed services, and governance risk and compliance services.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.