Keeping up with quantum: The Pentagon’s JEDI contract

Image via ZDNet

Gabriella Skoff

The U.S. Department of Defense (DoD) approach to the technology industry (namely, playing competing tech providers off against one other in order to procure the highest quality technology) has recently focused in on cloud technology. Early this year, the DoD announced plans to open bidding for a $10 billion contract for the single-award procurement of a new cloud strategy called the Joint Enterprise Defense Infrastructure program, or JEDI. This decision has received bountiful industry criticism. Arguments have focused largely on whether the contract’s single-award system and its precise requirements allow for competition between cloud technology providers or if it has been created to favor certain companies. But a potentially tragic flaw that few are hitting on is the fallibility of a cloud storage program being widely used for defense purposes in the context of other rapidly developing emerging technologies, namely quantum computing.

The decision to transition DoD IT infrastructure to a cloud-based system has indeed been made with emerging technologies in mind. Ellen Lord, Defense Undersecretary for acquisition and sustainment, acknowledged that technologies “such as artificial intelligence and machine learning are fundamentally changing the character of war”, and that the use of these technologies “at scale and at a tempo relevant to warfighters requires significant computing and data storage in a common environment”. The updated cloud technology would store the government’s top defense secrets and enable military personnel working in remote locations to access critical information. These improvements are vital updates to the current defense IT infrastructure that will help the U.S. military to maintain a technological advantage, as per the Obama-era Third Offset Strategy.

However, between all the unfolding “races” to technological supremacy this IT transformation is set to accommodate, the predicted capabilities of quantum computing seem to have been critically overlooked.

It is well known that quantum computing will transform the security of cyberspace within the coming decades, but an approach to countering this threat is not noted anywhere in the JEDI contract. There are certainly companies and researchers working on quantum-secure cryptography through applications such as quantum key distribution, and even some research into the creation of a quantum blockchain—potential solutions to the quantum computing security threat. Surprisingly, however, these are not areas toward which the DoD seems to be looking.

Further concern stems from a lack of clarity around how much the DoD will come to rely on the single-source provider across all defense systems—will this be the first step towards an ultimate systems consolidation, centralizing cloud storage across the U.S. defense sector? If this is to be the case, it is even more critical that the utmost caution be taken now to ensure that the new system will be as secure as possible in the future.

Tech companies have been outspoken on this front, claiming that the use of multi-cloud technology would help to prevent security breaches and major outages. As IBM’s General Manager of the company’s federal business said: “No major commercial enterprise in the world would risk a single cloud solution, and neither should the Pentagon”.

The US DoD should be looking not one step ahead in its IT solutions, but five, even ten steps ahead. With the rapid pace at which technologies are being developed, there is a real need for foresight in this space. As Thomas Keelan of the Hudson Institute argues, in this cloud technology venture, the DoD is both missing a holistic approach to emerging technologies as well as limiting its own “crypto-agility”. The replacement of old systems is cumbersome and logistically challenging. But failing to roll out a new, quantum-secure system across such a large organization before the age of quantum computing dawns on us is both inefficient and leaves systems vulnerable to the threat of quantum capabilities. Capabilities which may very well not fall into the hands of the U.S. DoD first.