One of the reasons for the success of the Japanese attack on Pearl Harbor back in 1941 was that everything was in one place. Battleships lined up in a row, aircraft parked neatly side by side.
One of the lessons of Pearl Harbor was to spread out the nation’s critical defense assets so they wouldn’t be vulnerable to a single devastating attack.
What about national security assets? Should they be put in just one place?
The federal government is about to do just that with the data of millions of Pentagon employees — which the Department of Defense proposes to store in just one private contractor’s “cloud.”
It looks as if it’s going to be Amazon.com’s Cloud, too.
REAL Cloud LLC — an Amazon subsidiary — already won the contract (worth a reported $65 million) to migrate the data of 3.4 million DoD users to the cloud. Other tech companies such as Microsoft and Oracle who are hoping to compete for contracts to store the data worry that this suggests the fix is in. That the decision-makers at the Pentagon — some of whom are career bureaucrats and Obama-era holdovers inclined to support Amazon because its CEO Jeff Bezos is a major donor to the Democratic Party — have already decided to award the cloud storage contract to Amazon.
They point to a meeting between Amazon’s billionaire honcho and Secretary of Defense James Mattis in Seattle — soon after which Amazon got the contract for migrating the Pentagon’s data.
Van Name, spokesman for the DoD’s Defense Digital Service, claims that “it’s about the best proposal” and that no “favorites” are being played.
But even if that’s true, the Pentagon’s insistence on a “winner takes all” approach for the cloud storage contract opens the door to the possibility that all the Pentagon’s data could be compromised in the event of a security breach.
Given the Sony hack, the hack of the Democratic National Committee’s servers and the possibility that the Russians have apparently been hacking pretty much everything — these concerns seem pretty conservative.
A good analogy here is the recent Equifax security breach.
Hackers accessed the credit data of millions of people stored on the Equifax servers, but the data stored on Experian and Trans-Union servers wasn’t compromised. As bad as the Equifax security breach was, it would have been exponentially worse had Equifax been the only credit reporting agency — and everyone’s credit data been compromised.
Whether it’s Amazon or another contractor, if all the Pentagon’s data is stored on just one cloud, a winner-take-all security threat exists. And that’s a worse threat, arguably, than the Equifax breach since in this case it would potentially involve classified data — presenting a national security threat.
If Amazon’s security measures are even slightly less than adequate, everyone loses — not just some.
There is also concern about the monopolistic and anti-competitive nature of the “winner-takes-all” bidding.
Whether it’s Amazon or another company, if it’s just one company then there’s no competition — and no incentive (once the contract is awarded) to provide the best possible service — and security.
Roger Wauldron of the Coalition for Government Procurement told Bloomberg News that “going to a single vendor closes that market to just that vendor for a decade,” referring to the duration of the cloud storage deal up for bidding.
If, on the other hand, the Pentagon’s data isn’t stored in one company’s cloud, but spread among several, there is an incentive for the other cloud services to stay on their toes and make sure none of their rivals are doing a better job than they are.
Another concern about Amazon is that its business model is all about cutting costs — a good thing when, as a buyer, you’re looking for a rock-bottom price for a new gadget (and free shipping) but not necessarily such a good thing when security is a major concern.
The president recently tweeted about this issue when he accused Amazon of using the Postal Service as its “delivery boy” — offloading the cost of shipping the things people buy on Amazon onto the backs of taxpayers while putting the profits in Amazon’s pockets. The president claims that the post office loses $1.50 on each package it delivers for Amazon — and that if the post office were to charge rates sufficient to offset the costs of shipping, Amazon’s costs would increase by $2.6 billion.
Will Amazon use similar cost-cutting strategies for its cloud storage services? What are the guarantees that it won’t?
In any event, it’s an eyebrow raiser at the least that the company that appears to be on the fast track to get the contract for storing the Pentagon’s sensitive data is the company headed by a guy locked in a dispute with the president — and by implication, the policies of this president. A data breach at the Pentagon would be politically embarrassing for the president — as well as a national security breach.
Given this fact, Amazon might not be the best company to handle the government’s sensitive data. At least, it ought not to be the only company.