Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?

The US Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) cloud will be designed to host the government’s most sensitive classified data, including critical nuclear weapon design information and other nuclear secrets.

The Pentagon is expected to bid out the controversial JEDI cloud contract soon, and new contracting documents indicate the winning company must be able to obtain the full range of top secret government security clearances, including Department of Energy “Q” and “L” clearances necessary to view restricted nuclear data.

In response to questions from Nextgov, Defense Department spokeswoman Heather Babb confirmed “JEDI cloud services will be offered at all classification levels.” Babb said military and defense customers “will determine which applications and data migrate to the cloud.”

Amazon Web Services, considered a front-runner to win the JEDI contract, is already able to host some Defense Department classified data in a $600 million cloud it developed several years ago for the CIA. JEDI, however, represents a massive jump in size and scale. The contract could be worth as much as $10 billion over 10 years, with Defense officials describing it as a “global fabric” available to warfighters in almost any environment, from F-35s to war zones. 

Because government customers could use the cloud for almost anything, it must be built to host almost everything, explained Steven Aftergood, head of the Federation of American Scientists' Project on Government Secrecy.

“It sounds to me like the government is covering all their bases,” Aftergood said. “Everything we’ve got might be part of this system, therefore you need to be potentially cleared for everything. And ‘everything’ includes information on weapons systems, operations, intelligence and nuclear weapons.”

Aftergood said the Defense Department’s requirement for individual “Q” clearances for personnel at the contractor that wins JEDI suggests the cloud may be able to “host information pertaining to nuclear weapons or classified information pertaining to the deployment and utilisation of nuclear weapons.”

Q clearances originated in the Atomic Energy Act of 1946. They are typically granted to contractors or scientists involved in the management or maintenance of the nuclear weapons complex and national laboratories. 

Q clearances would be a rarity among employees at the tech companies bidding on JEDI, though Aftergood said investigative requirements can be shortened through “reciprocity” arrangements if contracted personnel have attained similar clearances. Amazon, Google, Microsoft, IBM, Oracle and General Dynamics have indicated interest in JEDI.

The Pentagon has said it plans to award the JEDI contract in September and to begin migrating Pentagon systems early next year. Bloomberg, however, has reported that several companies have vowed to protest the contract and potentially take the Pentagon to court over its decision to award JEDI to a single cloud provider.

NextGov
