Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?

The US Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) cloud will be designed to host the government’s most sensitive classified data, including critical nuclear weapon design information and other nuclear secrets.

The Pentagon is expected to bid out the controversial JEDI cloud contract soon and new contracting documents indicate the winning company must be able to obtain the full range of top secret government security clearances, including Department of Energy “Q” and “L” clearances necessary to view restricted nuclear data.

In response to questions from Nextgov, Defense Department spokeswoman Heather Babb confirmed “JEDI cloud services will be offered at all classification levels.” Babb said military and defense customers “will determine which applications and data migrate to the cloud.”

Amazon Web Services, considered a front-runner to win the JEDI contract, is already able to host some Defense Department classified data in a $600 million cloud it developed several years ago for the CIA. JEDI, however, represents a massive jump in size and scale. The contract could be worth as much as $10 billion over 10 years, with Defense officials describing it as a “global fabric” available to warfighters in almost any environment, from F-35s to war zones. 

Because government customers could use the cloud for almost anything, it must be built to host almost everything, explianed Steven Aftergood, head of the Federation of American Scientists' Project on Government Secrecy.

“It sounds to me like the government is covering all their bases,” Aftergood said. “Everything we’ve got might be part of this system, therefore you need to be potentially cleared for everything. And ‘everything’ includes information on weapons systems, operations, intelligence and nuclear weapons.”

Aftergood said the Defense Department’s requirement for individual “Q” clearances for personnel at the contractor that wins JEDI suggests the cloud may be able to “host information pertaining to nuclear weapons or classified information pertaining to the deployment and utilisation of nuclear weapons.”

Q clearances originated in the Atomic Energy Act of 1946. They are typically granted to contractors or scientists involved in the management or maintenance of the nuclear weapons complex and national laboratories. 

Q clearances would be a rarity among employees at the tech companies bidding on JEDI, though Aftergood said investigative requirements can be shortened through “reciprocity” arrangements if contracted personnel have attained similar clearances. Amazon, Google, Microsoft, IBM, Oracle and General Dynamics have indicated interest in JEDI.

The Pentagon has said it plans to award the JEDI contract in September and to begin migrating Pentagon systems early next year. Bloomberg, however, has reported that several companies have vowed to protest the contract and potentially take the Pentagon to court over its decision to award JEDI to a single cloud provider.

NextGov

You Might Also Read: 

Google Chairman Unaware Of Pentagon AI Project:

Amazon’s Data Centers Are Located in US Spy Country:

 

« Barclays Bank Want To Stop Cybercrime
An Iranian Hacker Confesses »

Directory of Suppliers

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

Cyber Security Europe

Cyber Security Europe

Cyber Security Europe covers all facets of cyber security and risk mitigation, from perimeter firewalls to the latest threat intelligence solutions.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Momentum

Momentum

The Cyber Security team at Momentum offers a professional and specialist recruitment service across Cyber & IT Security.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

AcceptLocal

AcceptLocal

AcceptLocal is a payments industry consultancy with expertise in payment processing, payment security, anti-money laundering and fraud prevention.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

Beta Systems

Beta Systems

The Identity Access Management solutions of Beta Systems comply with the vision of a strong provisioning foundation combined with state-of-the-art governance and analytics applications.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

Titan IC Systems

Titan IC Systems

Titan IC is a leader in the development of hardware accelerated processors for cyber Security Analytics Acceleration (SAA) and content processing.