Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?

The US Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) cloud will be designed to host the government’s most sensitive classified data, including critical nuclear weapon design information and other nuclear secrets.

The Pentagon is expected to bid out the controversial JEDI cloud contract soon and new contracting documents indicate the winning company must be able to obtain the full range of top secret government security clearances, including Department of Energy “Q” and “L” clearances necessary to view restricted nuclear data.

In response to questions from Nextgov, Defense Department spokeswoman Heather Babb confirmed “JEDI cloud services will be offered at all classification levels.” Babb said military and defense customers “will determine which applications and data migrate to the cloud.”

Amazon Web Services, considered a front-runner to win the JEDI contract, is already able to host some Defense Department classified data in a $600 million cloud it developed several years ago for the CIA. JEDI, however, represents a massive jump in size and scale. The contract could be worth as much as $10 billion over 10 years, with Defense officials describing it as a “global fabric” available to warfighters in almost any environment, from F-35s to war zones. 

Because government customers could use the cloud for almost anything, it must be built to host almost everything, explianed Steven Aftergood, head of the Federation of American Scientists' Project on Government Secrecy.

“It sounds to me like the government is covering all their bases,” Aftergood said. “Everything we’ve got might be part of this system, therefore you need to be potentially cleared for everything. And ‘everything’ includes information on weapons systems, operations, intelligence and nuclear weapons.”

Aftergood said the Defense Department’s requirement for individual “Q” clearances for personnel at the contractor that wins JEDI suggests the cloud may be able to “host information pertaining to nuclear weapons or classified information pertaining to the deployment and utilisation of nuclear weapons.”

Q clearances originated in the Atomic Energy Act of 1946. They are typically granted to contractors or scientists involved in the management or maintenance of the nuclear weapons complex and national laboratories. 

Q clearances would be a rarity among employees at the tech companies bidding on JEDI, though Aftergood said investigative requirements can be shortened through “reciprocity” arrangements if contracted personnel have attained similar clearances. Amazon, Google, Microsoft, IBM, Oracle and General Dynamics have indicated interest in JEDI.

The Pentagon has said it plans to award the JEDI contract in September and to begin migrating Pentagon systems early next year. Bloomberg, however, has reported that several companies have vowed to protest the contract and potentially take the Pentagon to court over its decision to award JEDI to a single cloud provider.

NextGov

You Might Also Read: 

Google Chairman Unaware Of Pentagon AI Project:

Amazon’s Data Centers Are Located in US Spy Country:

 

« Barclays Bank Want To Stop Cybercrime
An Iranian Hacker Confesses »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CloudDNA

CloudDNA

cloudDNA is the only dedicated Citrix NetScaler consultancy in EMEA. We can help your migration to NetScaler secure networking solutions.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

Linksoft Integrated Services

Linksoft Integrated Services

Linksoft provides consulting and customized solutions and services to help our clients make informed decisions for their Cyber Security and Managed Services needs.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

EuraTechnologies

EuraTechnologies

EuraTechnologies, the French incubator and accelerator, is a centre of excellence and innovation for startups and entrepreneurs with a focus on Digital, Data, Cybersecurity and IoT.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

Cycurion

Cycurion

Cycurion is a global leading provider of Network Communications and Information Technology Security Solutions.