Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?

The US Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) cloud will be designed to host the government’s most sensitive classified data, including critical nuclear weapon design information and other nuclear secrets.

The Pentagon is expected to bid out the controversial JEDI cloud contract soon and new contracting documents indicate the winning company must be able to obtain the full range of top secret government security clearances, including Department of Energy “Q” and “L” clearances necessary to view restricted nuclear data.

In response to questions from Nextgov, Defense Department spokeswoman Heather Babb confirmed “JEDI cloud services will be offered at all classification levels.” Babb said military and defense customers “will determine which applications and data migrate to the cloud.”

Amazon Web Services, considered a front-runner to win the JEDI contract, is already able to host some Defense Department classified data in a $600 million cloud it developed several years ago for the CIA. JEDI, however, represents a massive jump in size and scale. The contract could be worth as much as $10 billion over 10 years, with Defense officials describing it as a “global fabric” available to warfighters in almost any environment, from F-35s to war zones. 

Because government customers could use the cloud for almost anything, it must be built to host almost everything, explianed Steven Aftergood, head of the Federation of American Scientists' Project on Government Secrecy.

“It sounds to me like the government is covering all their bases,” Aftergood said. “Everything we’ve got might be part of this system, therefore you need to be potentially cleared for everything. And ‘everything’ includes information on weapons systems, operations, intelligence and nuclear weapons.”

Aftergood said the Defense Department’s requirement for individual “Q” clearances for personnel at the contractor that wins JEDI suggests the cloud may be able to “host information pertaining to nuclear weapons or classified information pertaining to the deployment and utilisation of nuclear weapons.”

Q clearances originated in the Atomic Energy Act of 1946. They are typically granted to contractors or scientists involved in the management or maintenance of the nuclear weapons complex and national laboratories. 

Q clearances would be a rarity among employees at the tech companies bidding on JEDI, though Aftergood said investigative requirements can be shortened through “reciprocity” arrangements if contracted personnel have attained similar clearances. Amazon, Google, Microsoft, IBM, Oracle and General Dynamics have indicated interest in JEDI.

The Pentagon has said it plans to award the JEDI contract in September and to begin migrating Pentagon systems early next year. Bloomberg, however, has reported that several companies have vowed to protest the contract and potentially take the Pentagon to court over its decision to award JEDI to a single cloud provider.

NextGov

You Might Also Read: 

Google Chairman Unaware Of Pentagon AI Project:

Amazon’s Data Centers Are Located in US Spy Country:

 

« Barclays Bank Want To Stop Cybercrime
An Iranian Hacker Confesses »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

GuardiCore

GuardiCore

GuardiCore is an innovator in internal data center security and breach detection and is transforming security inside data centers and clouds.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

CyberSanctus

CyberSanctus

CyberSanctus provide clients with a variety of pentest plans from the entry level starter plan, which is tailored for personal websites, to enterprise level pentests, tailored for large scale business

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Dial A Geek

Dial A Geek

Dial A Geek are a Bristol-based B Corp that provides Managed IT Services to companies of 20+ users. We help businesses with a smart use of tech, including compliance and cybersecurity solutions.

VPNBlade

VPNBlade

VPNBlade is your go-to resource for expert reviews and advice on VPN services.