The Pentagon recently announced that it would build a secure cloud to house contractor data, so that small firms wouldn’t be required to house the data themselves. This would help alleviate the Pentagon’s concerns about the theft of sensitive defense data from contractor systems. Rather than requiring the contractors to ramp up security – which the Pentagon concluded would likely fall short of expectations – the data will now be housed in a secure Department of Defense (DoD) cloud.

how will DoD develop cloud storage for smaller contractors?

The DoD is running “pathfinder projects” as a way to develop the cloud storage for the smaller contractors and subcontractors that might not otherwise have the resources to meet the Pentagon’s cybersecurity requirements. This initiative was announced at a recent Defense Innovation Board meeting.

According to Ellen Lord, undersecretary for acquisition and sustainment, the DoD is working to become more accessible to smaller – and potentially innovative – companies. To this end, the DoD will provide those firms with “government-furnished equipment” to secure their respective software ecosystems and access this new DoD cloud initiative.

“We will set up hardened containers in an enclave, in a government cloud or a cloud hosted for us, and we will provide these hardened containers that if industry goes in and uses them, develops their software using our stack, then they will automatically get an authority to operate — really a time-crunch issue for us when we’re trying to deploy a capability quickly,” said Lord. “We have pathfinder projects right now doing that. That’s going to become more and more important for us.”

DoD Wants small, innovative companies to be able to compete

The DoD’s research and development budget for 2020 already includes $15 million for the Defense Industrial Base (DIB) Secure Cloud Managed Services Pilot. The key in this is that it is meant for those small and medium sized companies, and this will help level the playing field for those firms, and allow them not to be overshadowed by the larger players in the sector when it comes to securing Pentagon data. Many of these smaller firms have been seen by the DoD to lack sufficient cybesecurity capabilities to protect controlled unclassified information from a determined adversary.

This is where the Secure Cloud Managed Services Pilot could solve the problem, allowing smaller sized firms to focus on innovation – rather than having to focus too much time and energy on meeting Pentagon standards for storing and handling department data.

“The Managed Services Pilot will make a DevOps and data storage environment available to contractors working on critical systems,” said Stephanie Chenault, CTO of Corvus Consulting.

“This pilot presents numerous advantages for both the consumer and vendor,” Chenault, who has designed and developed many C4ISR systems, told ClearanceJobs. “First, and foremost, [this provides a] shared confidence that programs will be behind a Government Furnished Equipment (GFE) enclave that meets the highest DoD standards.

“Second, there’s an economic scaling factor whereby the government can leverage its purchasing power to extend the secured, cloud enclave to small companies where this type of hosting requirement might present a barrier to entry,” she added. “Finally, the pilot could lead to even greater industry participation; spurring on innovation within the cloud, removing hardware and hosting concerns, and freeing up resources to work on mission-related demands.”

Lord also made it clear, too, that the large defense contractors don’t need this service as those firms can already afford to create hardened environments.

“What I’m concerned about is the small companies where our innovation comes from,” added Lord. “We sit down and talk to them about cybersecurity, and sometimes we hear — no kidding, ‘My nephew does my cybersecurity.’ That gets us a little bit worried. And we know that we will either put these small companies out of business, or we will drive them away from the Department of Defense if we give them very, very onerous regulations to meet.”

Related News

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com.