The CIA's Cloud Contract Is Worth Billions

After six years in a classified commercial cloud built by Amazon Web Services, the CIA wants more commercial cloud capabilities from potentially multiple companies. 

The agency is in the early stages of planning a contract for commercial cloud computing services that will be worth “tens of billions” of dollars, according to contracting documents presented to select tech companies by the CIA in late March and first reported by Nextgov.

Dubbed the Commercial Cloud Enterprise, or C2E, the two-phase initiative will “expand and enhance” the commercial cloud capabilities it first contracted for with Amazon Web Services in 2013.

That contract, called C2S and valued at up to $600 million over 10 years, provided commercial cloud capabilities such as data storage, computing and analytics to the CIA and its 16 sister agencies within the intelligence community. 

“Since that time, cloud computing has proven transformational for the IC–increasing the speed at which new applications can be developed to support mission and improving the functionality and security of those applications,” the CIA contracting documents state.

Whereas C2S has been managed by a single company, the CIA expects to “acquire foundational cloud services” from multiple vendors in phase one of C2E, which is good news for companies like IBM, Microsoft, Google and others expected to compete for the contract.

The initiative’s second phase also opens up competition with a stated goal to “acquire through multiple vehicles” cloud management capabilities and specialised platform- and software-as-a-service offerings.  To be considered for the contract, cloud service providers must have a commercial presence and must meet rigid government requirements to host secret and top secret classified information. AWS is currently the only commercial cloud provider cleared to host all levels of classified data.

AWS established a foothold in the national security space through C2S. Over the years, it has introduced new services and earned plaudits from the CIA’s top tech officials for being more secure than the agency’s own data repositories. Most recently, Andrew Hallman, deputy director for innovation at the CIA, praised the department’s previous cloud efforts and said its future plans will focus on fusing various cloud architectures together.

“The important thing is to look at what the future of cloud looks like, hybrid cloud architectures, multi-cloud architectures, and that, for us, the very important thing is making really wise decisions about how those architectures work together.”

Meanwhile, cloud computing’s import across government continues to expand, with federal agencies collectively expected to spend $2 billion on the technology in the coming year. AWS has been favored to win the largest cloud contract up for grabs, the Pentagon’s multibillion Joint Enterprise Defense Infrastructure contract.

According to a proposed acquisition timeline accompanying the contracting documents, the CIA intends to engage industry regarding contract requirements through next year. The timeline proposes the C2E contract be bid out in May 2020 with an award “no later than July 2021.”

DefenseOne:             Image: Nick Youngson

You Might Also Read: 

The US Pentagon Is  Speeding-Up Its Cloud Strategy:

Where On Earth Is Cloud Data Actually Stored?:

 

 

« A Cyber Attack On Japan Could Bring The USA To War
Ethical Hacker Guilty Of Malware Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

GAVS Technologies

GAVS Technologies

GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation.

ALSCO

ALSCO

ALSCO is dedicated to bringing first class IT services, technical support, and solutions to goverment, companies and organizations worldwide.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.

Nordic Defender

Nordic Defender

Nordic Defender is the first crowd-powered modern cybersecurity solution provider in the Nordic region.

Xcede

Xcede

Xcede are global technology recruitment specialists. We connect companies with exceptional professionals who empower growth.