NSA Re-awards $10B Cloud Computing Contract To AWS

The U.S. National Security Agency has re-awarded a $10 billion cloud computing contract to Amazon Web Services after it was forced to review the contract. From a report: Code-named WildandStormy, the contract was initially awarded to AWS in August. Because the deal concerns national security, the full details are not known but it's believed to be part of the NSA's attempt to modernize its primary classified data repository. The repository itself is thought to be a data fusion environment into which the agency aggregates much of the intelligence information it collects. The stumbling block to AWS being awarded the contract came in October when the Government Accountability Office called on the NSA to reevaluate the proposals submitted by AWS and Microsoft Corp. after Microsoft challenged the awarding of the contract to AWS. The GAO said at the time that it "found certain aspects of the agency's evaluation to be unreasonable and, in light thereof, recommended that NSA reevaluate the proposals consistent with the decision and make a new source selection determination." In December, it was revealed that the GAO had ruled that the NSA improperly assessed technical proposals from Microsoft "in a way that was inconsistent with the terms of the solicitation." The GAO also recommended that the NSA reevaluate the proposal and potentially make a new source selection. The NSA did reevaluate the proposals and decided to re-award the contract to AWS anyway.

It's hard to "win" a GAO protest

[PeeAitchPee]

The best you can hope for is that either the agency itself or a GAO lawyer interprets the FAR (Federal Acquisition Regulations) clauses in such a way that they conclude the agency screwed something up during the procurement process. Because all agencies have their own lawyers that review all contracts before they are awarded, this rarely happens. Even when it does, the protester doesn't automatically win -- the GAO just advises the agency to re-evaluate the award. NSA did that here, and still made the same decision. So really, the protester (Microsoft) spent a ton of legal fees just to get the ball kicked back into play, and still lost. The GAO protest system has been in place for over 100 years and is one of the main mechanisms the US government has to ensure a fair procurement process.

Re:

[civik]

More likely, Trump demanded the contract to be awarded to Microsoft because his petty spat with Bezos and the WaPo. They had to backfill the justification to support his demands.

Re:

[Virtucon]

He's living rent-free in your small mind. I love it.

Re:

[kunwon1]

I recall when this happened, he was rage-tweeting about Bezos fairly often. This is what most well-informed people were assuming at the time as well. The truth may come out eventually, if the turd ever gets flushed

Re:It's hard to "win" a GAO protest

[jellomizer]

The bidding process in general is really messed up.
While I get the intent of it making sure businesses can get a fair footing, vs. Just being a political favor. Their implementation doesn't really solve anything, and just creates more waste.

The thing is every company is different and they have their unique set of advantages and disadvantages. Those who create the Requirements to be bid on, are often worded to favor a company over an other one, even if it isn't necessarily a real requirement for what is needed.
Back a while back, I use to work as a consultant, who made my money in part from state government bids. The agency was happy with my work, so they wanted to keep me working for them, so they in essence took my resume and made it the requirements for the next bid. So when the bid was placed, there was a high chance that I was the only person who would fit the requirements 100%. While in theory there could be someone else that could match my skills, in reality I would always get the contract again, because it was tailored to me.

Re:

[PeeAitchPee]

It's not perfect, but it's way better at balancing the need for a fair, transparent procurement process with the needs to the agency to be able to get what they require while allowing competition than pretty much any other system out there.

GAO never questions whether or not an agency got their technical requirements right, or if what they're asking for is what they "really" need, because there's usually no way to prove it -- only whether or not an agency followed the process and award criteria that they set

Re:

[oh_my_080980980]

RTFA:

"Among the key factors for GAO’s decision was its view that it was unreasonable for the NSA to view the role of the Defense Information Systems Agency (DISA) as an approving authority gateway for top secret and unclassified services that would be provided under WildandStormy as a weakness for Microsoft."

According to GAO’s opinion, NSA in its decision objected to DISA’s role as an authorizing agency, because it had concerns that services on Microsoft’s cloud environment may

Re:

[PeeAitchPee]

I read it. GAO is not telling the NSA that requirements were incorrect; rather, that their evaluation was unreasonable and unfairly benefitting the winning vendor based on NSA's own criteria in their RFP. There's a huge difference, especially when lawyers are involved.

Re:

[fropenn]

Bidding for suppliers is absolutely disastrous for most organizations, particularly how it is managed in most places where the lowest price (and barely meeting specs) wins bids. Unfortunately often the lowest priced bid results in higher overall costs. For example, if bid out tires for your SUVs and the low-bid tires have tread separation 10 times more often than the higher-bid tires, your overall cost is much higher when you have to deal with lawsuits, customer complaints, etc.

Management principles devel

Re:

[brunes69]

The problem with these cloud-computing contracts is the amount of lock-in they come with.

Unlike traditional IT procurement, the NSA is buying *A SERVICE*, not software, and applications built on that service are not portable.

I don't have any idea how long the $10B is supposed to buy them, lets say it is for 5 years. After those 5 years are over - it is highly unlikely the applications will be able to be moved to Azure, or any other cloud - because unless that is an explicit architectural requirement (which

Re: It's hard to "win" a GAO protest

[nullchar]

Cloud lock-in is the worst. But "cloud neutral" is also a waste of time if you only ever use one cloud. And for some things, you must rely on vendor specifics (virtual networking, etc). Cloud is no-win unless you go all in.

Guess the datacenter in Utah wasn't big enough?

Re: It's hard to "win" a GAO protest

[brunes69]

What you say is debatable for private enterprise, but it should be a non option for government. The entire purpose of complex procurement contracts and things like the GAO are to avoid vendor lock in with taxpayer dollars.

Re:

[oh_my_080980980]

What? You state the GAO protest system is in place to ensure a fair procurement process but when someone uses it you bash them for using it???

That's called cuckoo.

Re:

[PeeAitchPee]

Who did I bash? I said a GAO protest is a longshot. Any "interested party" is legally allowed to file a protest -- that's the law. If Microsoft wants to burn hundreds of thousands of dollars in legal fees on a longshot where the absolute best case scenario is that NSA has to re-evaluate proposals, that's their business and their legal right. They've certainly got the cash to pay for it.

Code Name Trump (ssh, it's a secret.)

[geekmux]

"Code-named WildandStormy, the contract was initially awarded to AWS in August. Because the deal concerns national security, the full details are not known..."

Yes, and the fact that Ms. Daniels was elevated to a matter of national security of course has nothing to do with the Wild and Stormy time they had coming up with that name...

Damn Chinese/Russians!

[fbobraga]

Red Danger! Commies! /irony

Re:

[account_deleted]

Comment removed based on user account deletion