The C2E industry day was well attended. All seats were filled in the auditorium, the chairs on the side were all occupied, and standing room only in the back. The purpose of the C2E industry day was to discuss the the new C2E cloud effort. The CIA's Directorate of Digital Innovation led the March 22 industry day and briefing for vendors.

The topic of the recent industry day was the first phase of the new C2E effort, the acquisition of foundational cloud services from multiple providers.  The second phase, which was not discussed at this industry day, will acquire through multiple vehicles specialized Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and multiple cloud management capabilities to augment those acquired in Phase 1. With the estimated value of C2E in the tens of billions, this is one of the largest cloud efforts in the federal government scope currently.

C2E vs C2S

The anticipated scope of the Phase 1 contracts substantially differentiates this C2E effort from current C2S cloud. The contract objectives are written with the future of the entire ODNI in mind, and are designed to assist in the transformation of the IC.

The intelligence community CIO announced a multivendor plan last year, as part of the second "epoch" of the Intelligence Community Information Technology Enterprise or ICITE program. The C2E industry day speakers emphasized that the C2E contract will be a multivendor effort. With the ODNI six years into their first commercial cloud contract with AWS, they are approaching a maturity level with cloud services that no other part of the federal government can match. The ODNI agencies, as a group, represent the strongest technology leadership within the entire federal government scope. The focus on a multi cloud solution for C2E is a strong message to other parts of the federal government that a multi-vendor solution is the way forward.

Background

In 2013, the CIA awarded the Commercial Cloud Services (C2S) contract to provide cloud computing services acquired from a large-scale commercial vendor, at up to and including the Top Secret (TS)/Sensitive Compartmented Information (SCI) security level, to the Intelligence Community (IC).  C2S and IC-GovCloud provided two options for cloud computing support under the Intelligence Community Information Technology Enterprise (IC ITE) initiative. Since that time, cloud computing has proven transformational for the IC – increasing the speed at which new applications can be developed to support mission and improving the functionality and security of those applications.  In response to mission demand since 2013, the IC’s portfolio of commercial cloud services has expanded by adding new services from the commercial domain, increasing compute and storage capacity, and acquiring services from multiple commercial vendors.

In 2018, the IC Chief Information Officer confirmed the objective of cloud diversity under Epoch 2 of IC ITE and confirmed CIA as the Executive Agent to acquire enterprise commercial cloud services on behalf of the IC.   Commercial Cloud Enterprise (C2E) is the name of the program to expand and enhance the capabilities delivered under C2S.  C2E will proceed in two phases.   The first phase will acquire foundational cloud services, as defined in the scope section below, from multiple vendors.   The second phase will acquire through multiple vehicles specialized Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and multiple cloud management capabilities to augment those acquired in Phase 1. The desired support for security levels in C2E is for all security levels including UNCLASSIFIED, SECRET,  and TS/SCI with intelligence overlays.

 Phase 1

The anticipated scope of the Phase 1 contracts substantially differentiates this C2E effort from current C2S cloud. The C2E effort requires worldwide support– both terrestrial and satellite/space – with both on- and off-government premises options. This is an expansion of the scope of the current C2S US only offering. All security levels including UNCLASSIFIED, SECRET,  and TS/SCI with intelligence overlays are required, along with support for all types of cloud services (including Infrastructure-as-a-Service (IaaS), PaaS, and SaaS) and associated professional support services.

Phase 1 Objectives

The principal C2E Program objective is to acquire cloud computing services directly from commercial cloud service providers with established records for innovation and operational excellence in cloud service delivery for a large customer base.  In support of this program objective, the IC’s foundational objectives for the Phase 1 contracts are as follows:

Cloud Service Innovation 

The Provider has documented past performance of implementing new cloud services in its commercial offering that will permit significant advances in support of the intelligence mission when implemented in C2E.   

Technical Parity  

When new cloud services are introduced in the Provider’s commercial environment, the same services become rapidly available in the C2E environment at all security levels as prioritized by the Government.

Interoperability / Portability

The Provider has the technical capabilities and management processes to effectively and efficiently facilitate application and data interoperability and portability, as prioritized, between IC cloud environments, including between cloud offerings from different providers.

Operational Excellence  

The Provider will deliver operational excellence in cloud computing by such elements as scaling quickly to satisfy user computing demands, proactively exceeding IC security requirements, assuring high system availability and data reliability, and providing best-in-class user support.

Service Pricing Parity

The Provider provides a range of service pricing structures to cost-effectively support different use cases and revises C2E pricing regularly to maintain parity with the Provider’s commercial environment pricing. 

Superior Contract Management

The Provider demonstrates the expertise and commitment required to manage a complex effort at the speed of mission that is critically important to the IC and national security. 

Objective Analysis

The C2E notes listed 17 additional contract objectives, summarized below:

Service delivery objectives for operating capability (IOC) cloud service offerings that meet security requirements in all C2E security fabrics in the UNCLASSIFIED fabric are 30 days, in the SECRET fabric are 180 days, and TS/SCI with overlays fabric is 270 days.

C2E capability objectives include an extension of enterprise cloud services to the tactical edge locations, and a comprehensive range of services that minimize the loss of cloud capability support at the tactical edge if network communications is lost.  

Tactical capability objectives shall enable to the maximum extent possible the broad range of cloud services that include IaaS, PaaS and support edge AI/ML use cases, while providing cloud service offerings that can be configured to process data at all security levels including UNCLASSIFIED, SECRET, and TS/SCI with intelligence overlays.

Continuous cloud service innovation with a wide variety of offerings in advanced cloud technologies including, but not limited to,AI/ML, distributed computing, mobile device platform support, high-performance compute, and cloud service automation.

Maintain technical parity by instantiating new services - identified by the Government as having IC Mission Priority - within 90 days of commercial availability.  New services will be available across all C2E security fabrics. 

Provide a marketplace capability to facilitate the use and billing of Bring-Your-Own-License (BYOL) PaaS and SaaS offerings, including those that may be acquired in Phase 2 of C2E.

Provide C2E service pricing options comparable to the provider’s commercial offering and adjust C2E prices accordingly within one month of changes in the prices of commercial offerings.

Provide industry-leading Service Level Agreements (SLAs) for cloud service availability, scalability and data reliability that includes significant penalties for failure to meet the established thresholds.

Provide the capability to transition off of the provider’s cloud infrastructure as required by mission needs and when the contract expires.

Provide cloud security offerings that proactively ensure protection of the physical infrastructure and information security, and limit and/or mitigate against threats, internally and externally, to the C2E environment.

The Future is Now

To take advantage of the capabilities stated in the C2E objectives, the IC will need to transform the way it does…almost everything.

A modern data management strategy is going to be an essential part of the transformation. No longer can essential data sit locked into storage silos; the data needs mobility to take advantage of the multi cloud environment. Today, the data of the ODNI resides on classified silos or enclaves, with the security of the data assured by the fact it never leaves the enclave. This approach isn’t going to fit into the ODNI of the future. Each piece of data needs to “Self Protect” in regard to security level and classification. I’ll be expanding on this on a future post.

A Tool for Transformation

To use the C2E contract as a tool for transformation, the IC should establish a Cloud Center of Excellence (CCoE), staffed with members from each agency in the ODNI organization. The use of a CCoE lowers the implementation and migration risk across the organization, and serves as a conduit for sharing the best practices for a broader impact of cloud transformation throughout the ODNI agencies. It is recommend that the IC staff the CCoE gradually with a dedicated team that has the following core responsibilities:

• Defining central policies and strategy

• Providing support and knowledge transfer to business units/agencies

• Providing a central point of access control and security standards

• Creating and managing common use-case architectures (blueprints)

Further Reading and More Information

These are lots of great C2S resources available on Google and here are just a few.

• Fortune on CIA loving AWS Cloud

  •  http://fortune.com/2015/06/29/intelligence-community-loves-its-new-amazon-cloud/

• Will Amazon’s IC Marketplace Disrupt IT Acquisition

  • http://www.nextgov.com/cloud-computing/2016/06/will-amazons-ic-marketplace-disrupt-it-acquisition/129244/

• Jeff Barr’s Blog

  • https://aws.amazon.com/blogs/aws/new-aws-marketplace-for-the-u-s-intelligence-community

• CIA Bringing Amazon’s Marketplace to the Intelligence Community

  • http://www.nextgov.com/cloud-computing/2015/02/cia-bringing-amazons-marketplace-intelligence-community/104937/

• AWS Marketplace now in AWS GovCloud (US) 

  • http://intelligencecommunitynews.com/aws-marketplace-is-now-available-in-the-aws-govcloud-us-region/