Digital Liberty joined a coalition letter supporting a review of the $10 billion JEDI contract to build and maintain cloud service for the DOD. The full text of the letter is posted below:
Dear Acting Inspector General Fine,
On October 22, 2018, Reps. Steve Womack (R-Ark.) and Tom Cole (R-Okla.) sent a letter to you requesting an investigation into allegations surrounding the development of requirements and the request for proposal (RFP) for the Department of Defense’s (DOD) Joint Enterprise Defense Initiative (JEDI) cloud program. The undersigned organizations, acting on behalf of our millions of members and supporters across the country, write in support of this request.
On July 26, 2018, DOD released its final RFP (Solicitation No. HQ0034-18-R-0077) for the JEDI cloud contract to modernize DOD’s information technology (IT) systems into a cloud services solution. With an estimated value of $10 billion over 10 years, the winning contractor will be expected to deliver an enterprise-level commercial cloud solution, including infrastructure-as-a-service and platform-as-a-service, to all defense agencies and military branches. However, the final RFP contains several “gating” provisions, including a requirement for the cloud service provider to meet Defense Information Systems Agency Impact Level 6, which could predetermine an award to the sole contractor that currently meets that impact level.
A contract of this magnitude should not be awarded as a sole source contract. In November 2017, IT Alliance for Public Sector’s Senior Vice President Trey Hodgkins informed DOD that its cloud should consist of “multiple interoperable offerings” to provide competition and the “best value for both the warfighter and taxpayer.” The use of multiple cloud solutions follows industry-wide best practices utilized by most Fortune 500 companies. Mr. Hodgkins noted that by using multiple providers, the cybersecurity and functionality of the JEDI system would increase, while costs would decrease through increased competition and flexibility for DOD to quickly adapt to new technologies.
The contract requirements for the RFP appear to be tailor-made for one specific cloud computing vendor. DOD has made little effort to break the contract into multiple vendor items that could reduce cost and provide increased cybersecurity and functionality. A sole source contract for JEDI will place the security of the nation’s warfighting IT capabilities into the hands of a single vendor.
We strongly urge you to conduct a thorough investigation of the JEDI contract as requested by Reps. Womack and Cole.