Light trails in clouds in sky | John Lund

FBI May Follow CIA, Pentagon With Colossal Commercial Cloud Contract

March 2, 2018 Chris Cornillie

This analysis was first available to Bloomberg Government subscribers.

The FBI may become the next branch of the U.S. national security apparatus after the CIA and the Pentagon to issue a large-scale commercial cloud services contract, according to a Feb. 16 request for information.

The nation’s top law enforcement agency is seeking industry input on how to use cloud infrastructure, platforms, and software to achieve its goals of boosting performance and deriving insights from big data. Specifically, the Federal Bureau of Investigation will look to an established commercial cloud service provider capable of delivering on its operational and security needs for:

  • On-demand, broad network access with resource pooling and rapid elasticity;
  • A catalog of innovative application, data, middleware, and operating system options available in the commercial marketplace;
  • Middleware tools, including identity management, security management, log analysis, and auditing;
  • Operational excellence in meeting the intelligence community’s security requirements for handling “Secret”-level data;
  • Faster application development and capabilities to support big data management and cognitive computing (i.e., artificial intelligence); and
  • Petabyte-scale data processing. (One petabyte is equal to one quadrillion bytes, or about half of the information contained in all U.S. academic research libraries, according to a Caltech estimate.)

In addition, the RFI outlines several additional requirements that may shape the acquisition. The provider will likely need to maintain at least two data centers that are 1,000 miles apart with dedicated, firewalled space to support 50,000 government users. The FBI will also need the ability to supply its own encryption and to review and approve all personnel the vendor hires to manage these data centers.

FBI’s commercial cloud will be one of several programs to replace the $30 billion Information Technology Supplies and Support Services (ITSSS) blanket purchase agreement, which the bureau reported will sunset in October. Rather than issuing a direct recompete, the FBI may plan to break off chunks of the contract for separate cloud, cybersecurity, and hardware awards and issue a smaller ITSSS 2, perhaps in the range of $10 billion over eight years.

Based on the size of the FBI and of similar commercial cloud deals in the past, Bloomberg Government estimates the contract could be worth $300 million or more.

BGOV’s Take

An analysis of the RFI requirements listed above suggests that the FBI may intend to follow the Central Intelligence Agency’s lead when it comes to acquiring commercial cloud services.

CIA pioneered the use of commercial cloud for defense and intelligence activities in 2013 with its ten-year, $600 million Commercial Cloud Services (C2S) contract with Amazon Web Services LLC. In response to similar data management challenges, CIA enlisted AWS to build an on-premises version of its public cloud solution, offering the intelligence community (IC) innovative capabilities without sacrificing security. The project is widely considered a model for government cloud adoption, with CIA’s Chief Information Officer John Edwards going so far as to say, “it’s the best decision we ever made.”

In October 2017, the Pentagon announced its own multi-billion dollar commercial cloud program, the Joint Enterprise Defense Infrastructure, or JEDI, that is rumored to be modeled on C2S.

“[A] fundamental shift we’re making is to move the entire DOD to the cloud so our data can be shared and leveraged and we can do big-data analytics, we can do artificial intelligence,” said Under Secretary of Defense Ellen Lord in December.

Under C2S, all 17 federal agencies that make up the IC, including the FBI, may use AWS cloud services to store and share information spanning the classification spectrum from “Unclassified” to “Top Secret.” These services are available only to intelligence agencies.

This is a problem for the FBI. Unlike the rest of the IC, the majority of the bureau’s interactions are with civilian law enforcement agencies. According to the RFI, the desired cloud solution would support platforms, software, and data that could be shared among a wide range of agencies, including presumably the Departments of Justice and Homeland Security, at the lower “Secret” classification level. This move could make the FBI, in effect, the broker of an expansive law enforcement cloud, just as the CIA serves as the broker of the intelligence cloud.

The solicitation will no doubt be welcome news for cloud giants, AWS and Microsoft Inc., currently the only commercial providers authorized for “Secret” workloads under the Federal Risk and Authorization Management Program (FedRAMP).

Interested vendors must respond to the RFI by March 2. Bloomberg Government subscribers can use tools to view the FBI’s past IT spending, to track all unclassified cloud spending, and to size up the market for cloud services in fiscal 2018.

If you’re not a client, and would like to see BGOV in action, click here to request a demo.

HHS Awards Disabled Veterans Companies CIO-SP3 SB Contract Slots