Vote today for the 2025 FedScoop 50 awards.

Cast your vote!

With JEDI awarded, DOD turns to modernizing software development

The Department of Defense must decide how to use Microsoft and build secure applications now that the agency’s $10 billion, enterprisewide cloud computing contract has been awarded to the tech giant.

Peter Ranks, a deputy CIO at DOD, told reporters after speaking at a Professional Services Council event that awarding the Joint Enterprise Defense Infrastructure (JEDI) contract was a “prerequisite” to faster software development.

But plenty more cloud acquisitions are coming with all the major providers, he added.

“Cloud providers give you a set of Legos with no instructions, and you can use those Legos to build really bad applications — or you can use them to build really secure applications,” Ranks told reporters. “And we have not done a good job in providing implementation guidance across the department that says, ‘This is how you build secure things.’”

DOD “encountered some resistance” awarding the contract to Microsoft, Ranks said. The acquisition wasn’t supposed to be the hard part of the department’s cloud strategy, but rather connecting to and authenticating clouds, building apps from the elements providers offer, and ensuring proper cybersecurity without slowing down the development process.

To accomplish those goals, DOD will need to modernize the way it builds software at the same time it modernizes its cloud infrastructure.

“We want software capabilities in the hands of warfighters faster,” Ranks said during his Vision Federal Market Forecast keynote. “We want software that can adjust to changing requirements or the changing dynamics of the battlefield more quickly — that is what’s driving our cloud strategy.”

For instance, Ranks’ team is trying to ensure the work the Air Force is doing within the department’s DevSecOps portfolio is available to the rest of the enterprise. DOD must decouple the way it builds software from the way it builds hardware weapons systems — moving from a few, big deliveries to iterative delivery of capabilities, quickly, Ranks said.

That’s easier said than done within a budget cycle where joint requirements must be locked in two years in advance and acquisition language is “biased” toward major milestones, Ranks said. Acquisition staff at the department are currently working on a new software development pathway and rewriting regulations, while test and cyber personnel work with the CIO to streamline accreditation.

No cloud provider currently offers a solution that meets the Pentagon’s requirements at the tactical edge, Ranks said. For instance, an expeditionary team’s cloud-connected tools need to be survivable when communications go down and able to resynchronize when comms return.

DOD has also struggled to deploy the same software, like the Global Command & Control System – Joint, across all combatant commands because the Army, Air Force and Navy’s cloud infrastructures are very different — one of the things the JEDI contract aims to address, Ranks said.

“What we need is a focused effort to make sure that we have a provider that is filling the gaps in that current multi-cloud solution,” he said. “For all the cloud providers we have today, they still haven’t solved those problems of classification, tactical edge and something that is common across the enterprise.”

Ranks added he’d like to limit the number of separate contracts with major cloud providers and a handful of software-as-a-service providers because it limits DOD’s visibility.

That doesn’t mean agencies will be forced to abandon contracts if, say, the Air Force has a structured way to address cloud migration that meets the goals of DOD’s cloud strategy, he said.

“We don’t have a focus on crowbarring people out of their existing cloud providers if they’re already doing the right things,” Ranks told reporters. “It’s really about solving unsolved problems within the infrastructure.”

Politics did not influence JEDI decision, Deasy says

The Department of Defense’s award of the $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Microsoft was not politically influenced, CIO Dana Deasy testified Tuesday.

The department designed the acquisition process so that the contracting officers who made the decision on the landmark cloud contract were kept anonymous and insulated from political influences, Deasy said during a Senate Armed Services Committee hearing on his confirmation as DOD CIO.

“After we submitted the [request for proposals] … we went out and found approximately 50 government civilian servants that were experts in cloud computing and we compartmentalized them and we segregated them into teams,” Deasy said. “At no time did one team have access to what the other team was working on.”

Several committee members pressed Deasy on reports that President Donald Trump pushed Pentagon leadership to “screw” Amazon — whose cloud provider, Amazon Web Services, lost the JEDI competition to Microsoft — and whether it influenced the way the contract was awarded. The president also had said publicly in July that he was going to “take a very strong look at” the contract after hearing complaints from some non-AWS bidders. Soon after that, Defense Secretary Mark Esper announced his own review of the acquisition, leading many to question if Trump influenced that decision.

Trump has publicly attacked Amazon on many occasions before and during his presidency. As Sen. Angus King, I-Maine, put it during the hearing, “Mr. Trump’s antipathy to Amazon is well-known.”

But Deasy explained that the way he built the team that evaluated the bids made so politics couldn’t permeate any decision-making. And to the best of his knowledge, he said, no one from the White House has contacted members of the source-selection team. On top of that, “we have kept the identity of every member of the source selection team anonymous throughout this process,” he said. The DOD announced Microsoft as the winner on Oct. 25.

In the case of an acquisition like JEDI, the source-selection team makes “the final decision,” before bringing that to Deasy, who shares the news with the secretary and deputy secretary. “All I do is take that final acquisition decision and inform the deputy and inform the secretary on the decision taken.”

“And the final decision by those panels was to award the contract to Microsoft?” Sen. King asked Deasy.

“Yes, it was,” Deasy said.

Deasy also said he never shared any proprietary information on the bidders or their bids in his meeting with DOD leadership.

Despite Deasy’s comments, there’s still concern that the White House could have indirectly influenced the decision, according to a source close to the committee. The acquisition officials “don’t work in a vacuum. They read the same paper and see the same trend lines.”

Senators also asked Deasy whether JEDI would represent a soft target for U.S. adversaries, since so much information would be stored on a single infrastructure. King asked whether it would a potential “bonanza” for attackers. Deasy reiterated the Pentagon’s assertion that JEDI will actually be more secure than existing infrastructure, and he noted that DOD will still have multiple cloud contracts with multiple vendors even after JEDI is implemented.

Deasy has served as DOD CIO for about a year-and-a-half now. His need for Senate confirmation comes after a new law under the National Defense Authorization Act went into effect Jan. 1. The law also updated the CIO’s responsibilities and added authorities, such as requiring military services to submit IT spending to the DOD CIO for review and setting IT standards the branches must adhere to.

How federal agencies can improve network performance of legacy systems

Agencies that continue to operate legacy systems can achieve greater IT performance and versatility, lower their operating costs and enhance their security controls simply by taking advantage of newer networking capabilities.

This promise comes through a routing architecture called segment routing, which is gaining rapid adoption among large-scale network operators and architects, according to a new report.

segment routing

Read the full report.

“Segment routing is a game changer,” says Craig Hill, distinguished architect at the U.S. Public Sector division of Cisco Systems. “What segment routing has done is dramatically reduce the complexity in the network while adding key feature enhancements.”

“Segment routing provides a more flexible and scalable approach for engineering how information travels to its intended destination. At its essence, segment routing gives network engineers a simpler way to encode and execute routing instructions for information packets. Moreover, it’s ideally suited for the evolving nature of networks,” according to the report, produced by FedScoop and underwritten by Cisco.

The report highlights several key benefits of segment routing including:

But another key advantage to segment routing is that it’s designed to work with legacy systems, according to Hill.

“When segment routing was engineered, we recognized not every network is a green field; it has to integrate with brownfield environments, too — that is, the existing infrastructure,” Hill explained. “There are mechanisms native within segment routing, for example, that can map to a legacy MPLS label distribution protocol (LPD) backbone, allowing new segment routing backbones to coexist with existing MPLS networks.”

Prior to segment routing, multi-protocol label switching (MPLS) packets were forwarded using label switching instead of IP-based routing — which meant the routers forwarded traffic based on the label and on the destination address.

The report details how segment routing removes requirements for multiple protocols and network-wide synchronization, which ultimately means the network can provide the same level of service as modern networks, reducing its complexity of management and operations.

The need for a simpler networking solution became evident to big IT service providers several years ago as global networks were becoming too costly, added Joe Dorman, a solutions architect at Cisco.

“From a product perspective, by pulling a ton of ‘state’ and simplifying the number of protocols in use, segment routing drastically reduces the size and cost of equipment agencies have to use to build large transport systems,” he said. “It also simplifies operations – agency networks can become simpler to use, and run on smaller, cheaper platforms.”

Learn more about simplifying your agency network and read the eight considerations leaders and network designers should know before they get started with segment routing. 

This article was produced by FedScoop and sponsored by Cisco.

If your technology limitations were removed, how would you treat your customers?

The ability to distill digital transformation helps leaders from all disciplines make important resourcing decisions that impact mission, especially for government.

At this year’s Gartner IT Symposium, CIOs and IT leaders gathered to discuss the future of technology, but also how best to serve as communicator and facilitator.

All levels of government are feeling a push to take a “Customer First” approach to transformation, as seen in executive orders like the 21st Century Integrated Digital Experience Act.

Paul Tatum, Salesforce

Paul Tatum, Salesforce

Why all the focus? Improved customer experience helps agencies deliver greater impact across mission areas while lowering operational costs. Recent studies show that when government engagement improves, customer satisfaction and trust increase, and so does employee productivity and well-being.

So how do you help leaders across the organization place constituents, or customers, at the center of everything they do?

In a keynote session Paul Tatum, Senior Vice President for Global Public Sector at Salesforce, spoke to this challenge. “Government IT has to move from just ‘crunching the numbers’ in the back office to focusing on customer-centric services,” he said.

Tatum offered the following six big ideas for technology leaders to help their agencies adopt the new mindset.

1. Create an intentional culture based on customer success
“The most important place to start is understanding where mission and constituent expectations intersect,” said Tatum. “How does your organization want to show up for customers, partners, employees?”

This does not take technology to understand. An intentional culture, based on customer success, needs to be the north star that guides any transformation initiative. Mission and values drive priorities and investment.

2. Build customer-centric business processes
Constituents value engagement that’s easy, effective, and transparent. Business processes require empathic, human-centered design. It’s important to look for places where constituents experience friction.

“You increase satisfaction while reducing costs when citizens get questions answered and find the information they need quickly,” said Tatum. For instance, the IRS recently reported a reduction in costs associated with in-person and live-assistant calls from around $40 to $60 down to an average of $0.22 when digital transactions are used.

3. Design and deliver differentiated experiences
“What is simple delights,” said Tatum. Each unique constituent desires to be valued and informed. Data-driven insights help you refine how you serve, from understanding a case to sending an appointment reminder. Omni-channel engagement creates greater access to services, while personalization makes constituents feel welcome and more able to effectively engage.

4. Empower employees to serve customers
When technology removes silos the true magic happens. To collaborate effectively employees from different disciplines need a single, shared view of a customer, case, and even industry partner. Employees also need differentiated experiences to advance their capabilities to serve. Personalized digital workspaces contain all the apps and tools each employee needs to be productive, learn, and grow.

5. Use data to generate actionable insights and responses
What is the average amount of time on a web form for those who abandon it? Are caseloads balanced across teams? Where are employees getting stuck?

“Be prepared to make data and analytics a part of your everyday digital transformation work,” said Tatum. Insights may be gathered from any user, channel, process, and interaction. Digital data points may be used to inform a fast and iterative delivery process for new functionality to expedite on low-risk improvement.

6. Leverage a unified, agile platform
It’s best to use technology that helps you keep a clear line of site between mission goals and customer expectations. A unified, agile platform brings teams together to serve the customer, not just now, but for years to come.

The fully integrated benefits of CRM, case management; no code and low code development; and out-of-the-box apps extend the value of legacy systems, produce actionable insights, and ease adoption of emerging technologies, like AI and data analytics.

Agencies continuously improve, even reimagine services, when they learn to understand customer needs and expectations in relation to mission goals. Technology should only keep you focused on the customer. It does not complicate or cloud your mission.

Once your team acclimates to using a customer-centric lens for transformation the roadmap becomes clear. And achieving your vision becomes a series of interconnected, but quick sprints that everyone may achieve.

Learn more about Trailblazers in Government and about future-proofing your agency’s digital transformation: “5 questions to ask cloud service providers.

Paul Tatum is the Vice President, Systems Engineer for the Public Sector Unit, Salesforce.  Tatum leads the Public Sector systems engineering team with responsibility for overall technical direction, architecture, and technology evangelism around Salesforce cloud based solutions.

First small business cleared under EIS contract

The first of three small businesses on the government’s flagship telecommunications modernization contract has been cleared to deliver products and services.

As expected, MicroTech is the latest of the nine Enterprise Infrastructure Solutions (EIS) primes to complete business support system testing and receive a three-year authority to operate (ATO) from the General Services Administration.

The service-disabled, veteran-owned software company based in Vienna, Virginia, can now accept task orders on the GSA-operated $50-billion EIS contract, which allows agencies to update their information technology and telecom infrastructure.

At last update, three other companies — Core Technologies, Granite Telecommunications and MetTel — were 92.3% of the way through the process as they prepared their security assessment and authorization packages for review by GSA’s information systems security manager and CIO.

MicroTech joins CenturyLink, AT&T, Verizon Federal, BT Federal, and Harris Corp. in receiving an ATO to do business under EIS.

All agencies were supposed to issue task orders under EIS by Sept. 30, but the deadline was loose. GSA intends to limit the use of extended contracts for agencies that still haven’t made task order awards by March 31, 2020, and 90% of agencies’ telecom inventory must be on EIS by March 31, 2022.

EIS’s predecessor Networx expires March 31, 2023.

VA’s mobile security management is generally pretty good, IG finds

The Department of Veterans Affairs generally does a good job managing department-issued mobile devices, a recent report by the agency’s inspector general has found.

However, as with most topics of cybersecurity, there’s a bit of an asterisk here — specifically when it comes to overseeing and enforcing a “blacklist” of potentially malicious mobile applications. VA’s Office of Information and Technology told the IG that it had decided not to enforce a blacklist on its roughly 50,000 mobile devices because of the work associated with it. This, the IG says, introduces some potential vulnerability.

“Because OIT has not implemented blacklisting, users can download applications that are not authorized on VA mobile devices, such as cloud-based applications,” the report reads. “Cloud-based applications could allow users to transfer locally stored VA data into uncontrolled storage, increasing the risk of lost VA data.”

The VA does offer mobile security training for device users, but it doesn’t confirm whether users have actually participated in this training or not.

The IG report makes a total of three recommendations, including that VA OIT figures out how to enforce app blacklisting, and make sure that mobile device users participate in security training.

The VA agreed with all of the recommendations and stated that it is already working toward them. For example, a principal deputy assistant secretary said, the VA is “working on” installing the “Lookout” app on all its mobile devices — a service that scans mobile apps on the device for malicious behavior.

Protection of VA data, especially data that involves the personally identifiable information (PII) of veterans, is an important topic. An IG report from earlier this month found that sensitive data from a field office in Milwaukee had been erroneously stored on a shared network drive.

While the IG could not find evidence of a breach in that instance, it did state that the mistake had put veteran data at unnecessary risk. “Until VA officials take steps to guard against user negligence, implement technical controls that prevent users from storing sensitive personal information on shared network drives, and issue oversight procedures to adequately monitor shared network drives, veterans’ sensitive personal information remains at risk,” the report stated.

GSA issues RFI to build federal buying guide on human-centered design

The General Services Administration wants to create a federal buying guide for human-centered design services.

The agency issued a request for information Monday soliciting feedback from industry partners to “understand industry capabilities related to providing human-centered design (HCD) and customer experience (CX) services for the Federal Government.”

In a release, GSA defines human-centered design as “the discipline of navigating complex problems and creatively designing effective solutions to meet people’s real needs.” Many federal IT practitioners — particularly those with Silicon Valley experience — champion human-centered design as a critical element in modern technology services. The U.S. Digital Service and GSA’s 18F, in particular, have been vocal about the use of HCD in building citizen-facing services and creating policy.

GSA will use the information not to build a specific contract or vehicle but to create a report that it says will “inform a federal buying guide as well as future procurement actions.” The RFI explains, “The intent of this research is not to market any one specific company but to demonstrate to government agencies how to purchase HCD services utilizing the various contracts GSA manages and to demonstrate existing capabilities and past performance under these contracts.”

“We are looking forward to learning more about the capabilities that industry partners can offer agency programs as they accelerate customer-centered experiences across the federal government,” GSA acting Chief Customer Officer Matt Ford said in a statement.

GSA may publish any comments it receives as part of that buying guide.

Responses are due by Nov. 18.

Federal prisons shopping for EHR system

The agency that operates the nation’s federal prison system is interested in adopting an electronic health record system it can deploy in tricky environments — ones often built with concrete and rebar.

The Federal Bureau of Prisons issued a request for information Wednesday on systems that can assist with clinical decision-making, nursing care center documentation, allied health services, patient accounting and management, and ambulatory care.

An agency within the Department of Justice, BOP handles the primary, mental and dental health needs of about 219,000 inmates — 81 percent of whom are housed at its 97 sites nationwide and the rest in private and community-based prisons or local jails. Specialty and tertiary health needs like psychiatry, hospice and wound management are often referred to local physicians.

“Vendors should also be cognizant that construction materials (such as concrete and rebar) may limit deployment options,” reads the RFI.

The simple warning highlights a potential challenge: Prisons are secure environments with a general population and solitary confinement that require accessibility throughout their various segments.

System providers may be selected for demonstrations, in which they’ll be presented with a series of use cases to see if their solution can hold up in prisons.

For now, BOP wants details on the hardware, software, configurations and vendors involved with systems as it refines the specifications of a potential solicitation covering 36 states and Puerto Rico. Priorities include the ability to import data from an inmate management system, automate the synchronization of information on new inmates, and create unique identifiers for inmates. Whether systems let physicians populate problem lists and how they handle nursing orders and consultation requests are of interest.

The RFI also includes questions on identity and access management, time to patch and pricing.

Providers have until Nov. 22 to respond.

Microsoft wins $10B JEDI contract

It has finally happened. The Department of Defense awarded its $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud computing contract Friday to Microsoft.

More than two years after the Pentagon started putting together the enterprise commercial cloud program that would become JEDI, and after several delays for departmental reviews and bid protests, Microsoft has edged out Amazon Web Services for the landmark 10-year cloud contract.

“We brought our best efforts to the rigorous JEDI evaluation process and appreciate that DOD has chosen Microsoft,” Toni Townes-Whitley, president of  U.S. regulated industries for Microsoft, said in a statement. “We are proud that we are an integral partner in DOD’s overall mission cloud strategy.”

Despite the $10 billion ceiling on the contract, the minimum guaranteed under it is just $1 million with a base order period of two years. “The department projects that user adoption will drive an estimated $210 million of spending during the two year base period. The DOD will rigorously review contract performance prior to the exercise of any options,” the department said in a release.

“The National Defense Strategy dictates that we must improve the speed and effectiveness with which we develop and deploy modernized technical capabilities to our women and men in uniform,” DOD CIO Dana Deasy said in a statement announcing the award. “The DOD Digital Modernization Strategy was created to support this imperative. This award is an important step in execution of the Digital Modernization Strategy.”

The news comes just days after Defense Secretary Mark Esper recused himself from making any decisions around the JEDI acquisition. He had initiated a review of the contract upon taking leadership of the Pentagon in July.

The department’s inspector general also reviewed the acquisitions strategy and investigated potential conflicts of interest. According to the DOD, “Prior to the award, the department conferred with the DOD Inspector General, which informed the decision to proceed,” it said in a release.

Though Microsoft is victorious today, given the contentious nature of this single-award contract, this saga is not over — more protests are likely to come. A source close to AWS said the company is considering its options regarding a protest. Federal law requires a protest to be filed within 10 calendar days.

And maybe there will be other opportunities for vendors to win DOD’s business. “The Department continues to assess and pursue various cloud contracting opportunities to diversify the capabilities of the DoD Enterprise Cloud Environment,” says the release. “Additional contracting opportunities are anticipated.”

An AWS spokesperson said the company is “surprised” by the decision. “A detailed assessment purely on the comparative offerings clearly lead to a different conclusion,” they said.

Microsoft was also the big winner under the Pentagon’s Defense Enterprise Office Solutions (DEOS) contract awarded this summer. Though it didn’t win the contract itself — General Dynamic IT did — Microsoft’s Office 365 services are the main offering under the $8 billion back-office cloud collaboration program. Perspecta has since protested GDIT’s win, and the General Services Administration, who is leading the acquisition for the DOD, said it is taking corrective actions in light of the company’s complaints.

Rep. Jim Langevin, D-R.I., often vocal on the need for the capabilities JEDI is meant to provide, was quick to give his congratulations to the DOD. “Advanced general-purpose cloud is the industry norm, and it’s past time the Department of Defense had access to these capabilities,” Langevin said. “I congratulate DOD CIO Dana Deasy for seeing the JEDI award through. I look forward to continuing to use my position in Congress to increase access to next generation technologies that support our warfighters.”

Meanwhile, a previous pre-award lawsuit against JEDI in the federal appeals court filed by bidder Oracle continues on. Oracle was one of two other companies, with IBM, that bid on JEDI but failed to make it past early-stage gate criteria. A federal court previously denied the company’s lawsuit against the Department of Defense’s development and handling of JEDI, in which it also took aim at AWS claiming a conflict of interest between the company and DOD. It’s unclear if the award to Microsoft will at all impact Oracle’s protest.

This story is developing. FedScoop will update with new information as it becomes available. 

New NSA cyber directorate prioritizes standards for security of military’s emerging tech

The newly launched NSA Cybersecurity Directorate is working to develop security standards around the Department of Defense‘s use of nascent emerging technologies, particularly for weapons and national security systems.

It’s a continuation of NSA‘s “many, many years” of work developing security standards for the nation’s most critical and sensitive systems, Director Anne Neuberger said Thursday at CyberTalks. Her directorate is “putting a focus on that as there’s a new host of technologies that will reshape the way we need to run security — 5G, Internet of Things, distributed ledger,” as well as cloud computing and quantum-resistant cryptography, she said.

“We picked the technologies we think are the game-changers in terms of use and in terms of a need to address, and we’re working with our key customers — whether with DOD, national security systems, or with [the Department of Homeland Security], critical infrastructure — to say ‘How do you want to use those?’ And then let’s build secure use cases,” she said. “Let’s understand what the technology needs to change to make it useable from a security perspective and work from there.”

The Cybersecurity Directorate, still in its infancy, will work over the next several months to “build the internal processes … to integrate that threat intelligence, security engineering to focus ourselves” on these technologies and how to securely use them, she said.

Neuberger pointed to cloud computing as one area around which her directorate has already received a lot of questions.

“And the question to us is: How do we use it safely?” she said. “And we say, great question. Cloud is really compelling, but it brings together some of the security risks of the old model with some of the unique virtualization and other isolation-need risks of the cloud model, and you need to go in eyes wide open. But we want to do more to actually document that and release it in a way that’s useful for enterprises.”

The big challenge is the wide variety of use cases that exist in an enterprise as large as DOD’s. Neuberger said NSA must think “carefully about what is the level of security assurance needed for the different kinds of uses.”

“If a given service wants to use distributed ledger to track its supply chain, that will be the use case we’ll use to say ‘What’s the appropriate level of security needed, and then how will they actually implement that?'” she said.

Additionally, once the standards are in place, there’s the challenge of making sure people are following them. Neuberger pointed to using incentives as one solution.

“Because in many cases, cybersecurity today is a leadership issue,” she said. “In some cases, like in IoT, we know the standards exist, but they’re largely not implemented, and we all know the risks, so how can we use the force of NSA’s insights, DOD procurement to help those become implemented, to really address some of the risks we see coming but haven’t as a community made enough progress against.”