Return to the JEDI: The truth behind the JEDI War Cloud contract battle may now be coming out.

By Paul Cornish

The Joint Enterprise Defense Infrastucture, otherwise known as JEDI or, more melodramatically as ‘War Cloud’ is described by the US Department of Defense (DoD) as ‘an initiative that will revolutionize how we fight and win wars’. With the ‘ability to rapidly access, manipulate, and analyze data at the homefront and tactical edge’, combat troops will ‘better execute a mission that is increasingly dependent on the exploitation of information.’ The JEDI initiative is of obvious interest to the US armed forces and their allies (and adversaries) and to all those who follow strategic innovation – could this be the next ‘revolution in military affairs’? It’s also of very great interest to those keen to bid for the 10-year contract, to those in Congress responsible for the supervision of US defence spending and to those who follow the relationship between the White House and the DoD.

The well-respected conservative German newspaper, Welt, ran a piece on 29 April 2019 covering what has become an epic struggle between Amazon and its founder Jeff Bezos on one side, with Amazon’s arch-rival Oracle and its founder Larry Ellison, the National Enquirer and the Kingdom of Saudi Arabia on the other, over the structure and openness (or otherwise) of the JEDI tender, due to be awarded in July 2019. The original German article is here and an English translation here. The article is largely based on an extended piece written by Jeff Bezos’ cyber security consultant of 25 years, Gavin De Becker. The lengthy Weltarticle claims, among other things, that law enforcement is now involved in multiple enquiries against private investigators and lobbyists for suspected computer hacking.

For decades the so-called military industrial complex in the US was dominated by a small number of large players for the provision of cutting-edge technology for security and defence. That exclusive club was joined by Amazon Web Services (AWS) in 2014 when the CIA and other US intelligence agencies moved their cloud computing to AWS. AWS also began hosting DoD classified documents after a main rival, Microsoft, finally withdrew their protests. That was arguably the first skirmish between the old giants and the new. All-out war was declared when the DoD announced a $10 billion procurement competition for the new War Cloud.

AWS is in the club but not of it.  The older, more conservative defence and technology contractors like IBM and Oracle, are not happy. Oracle is the second largest provider of software to the DoD, with contracts worth billions of dollars. The largest tech companies are spending millions of dollars, $64m in 2018 to be precise, on lobbying Federal Government. It would not be too much of a stretch to imagine that some part of this lobbying effort was intended to stop Amazon from winning the JEDI contract, not least because both IBM and Oracle unsuccessfully protested the JEDI contract even before bids were invited. Although perceived by its rivals to be a mere upstart in the defence environment, Amazon’s argument is that as a single provider they could offer better security, cost efficiency and operational effectiveness than their competitors, that the scale of their existing cloud computing capacity would make them best placed to deliver what DoD needs and that they already have experience in providing a secret cloud for the US intelligence community. But this titanic struggle isn’t solely commercial – it’s also deeply personal.

Amazon’s founder Jeff Bezos supported Hillary Clinton in the 2016 Presidential campaign and Donald Trump has been open in his feud with Bezos as a result. In contrast, Trump was (and is) supported by Oracle founder Larry Ellison and Trump duly appointed Oracle Co-CEO, Safra Catz to his transition team in late 2016. Catz reportedly lobbied Trump directly over the JEDI process at a dinner last year.  Oracle has also been very active in Saudi Arabia, says the Welt article, recently opening an innovation hubin the Kingdom. On the other hand, the Washington Post, which Bezos also owns, is not much liked in the Kingdom or indeed by Trump. The plot – whatever it is – thickens by the day.

There are some stretches of logic in the Welt piece and in the general rumour mill, with connections being drawn that might be no more than circumstantial. Oracle does indeed have a well-established position in Saudi Arabia and is indeed fighting Amazon. Jeff Bezos owns the Washington Post which employed the journalist Jamal Khashoggi, murdered in the Saudi consulate in Istanbul. Turkey’s President Erdogan is no friend of the Saudi royal family. The National Enquirer not only published scandalous photos of Bezos that are claimed to have ended his marriage, it also produced a glossy endorsement of Saudi Arabia when Crown Prince Mohammed bin Salman visited the US. And as De Becker records in his Daily Beast article, some experts have ‘concluded with high confidence’ that the Saudis had access to Bezos’s phone, by which means they acquired ‘private information’. Furthermore, it has also been claimed by ‘experts in the intelligence community’ and ‘leading cybersecurity experts’ that the Saudis have the ability to ‘collect vast amounts of inaccessible data from smartphones in the air without leaving a trace’ and that hacking was a key element in the surveillance efforts that led to the murder of Khashoggi. While each of these things might or might not be true, they are not necessarily all connected.

As gleaned from the publicly available sources mentioned here, the various claims and denials make for an opaque but no less compelling saga full of rumour, intrigue, rivalry and subterfuge – almost worthy of a Cold War spy novel. This brief article takes no position in this unfolding tale, other than to observe that the real and important news in the story – and the development that means we might actually get to the bottom of what has been going on in this new style of cross-border conflict between the state and the corporate/tech sector – could be the (as yet unconfirmed) multiple enquiries in which law enforcement are said to be engaged. According to Weltin 2018 a private investigative firm, RosettiStarr distributed a 100-plus-page dossier raising the spectre of improper activity on the part of senior DoD officials and Amazon executives involved in the JEDI bidding process. In the words of the Welt article, RosettiStarr ‘is said’ to have worked with a German based firm, Paladin Associates run by an American Louis Wonderly, using an operative based in their South African office, Paul Kirk, who in turn allegedly contracted some hackers. It should be said that Wonderly has denied involvement with RosettiStarr. According to the Welt article ‘a former high-ranking US Defense Department official that was concerned with JEDI told the authors that the German Federal Police are now investigating Paladin in Munich and its managing director, Wonderly, for suspected hacker attacks on E-mail accounts of JEDI-concerned Pentagon officials. Even the private mail account of the then Defense Secretary James Mattis was targeted by electronic espionage. “There is growing evidence that Rosetti Starr and Paladin hacked from South Africa and Eastern Europe for its clients,” said the senior source to WELT AM SONNTAG.’

Information from the hacking attacks was reportedly distributed by John Weiler, described in the Welt article as ‘an Oracle security lobbyist well-known in the US security industry’. Weiler’s tenacious interrogation of the JEDI process had already resulted in a ‘cease and desist’ letter from the DoD, addressed to Weiler and the IT-Acquisition Advisory Council, which he leads. Undaunted, Weiler recently appeared as the guest of Manveen Rana on the BBC Radio 4 Today programme criticising the DoD for its decision to place highly classified information in a cloud run by just one provider and, as reported on the BBC website, implicitly criticising the DoD and by implication the Secretary of State for Defense for potentially putting troops in harm’s way: ‘We have our nuclear codes, where our troops are going to be from one day to the next. If the cloud’s security is breached, then our enemies could use our information against us. They could be waiting for us.’

The Welt quotes a Pentagon insider claiming that this has now escalated to Weiler ‘also being investigated for conspiracy to hack.’ The article (in English translation) then points out that ‘Neither the Pentagon itself nor the FBI or Federal Police confirmed this information. For reasons of principle. “The FBI never confirms or denies investigations,” said a spokeswoman.’

If the German police and the FBI are indeed investigating Louis Wonderly, John Weiler and Paul Kirk for illegal hacking then the chances of the full JEDI story coming out have been transformed. Why should this story of corporate rivalry be of such interest? It is important because it touches on many areas of national and international security policy, and all at a very high level: global geopolitics; the impact of new technology on security strategy; the capability of US armed forces to operate to best effect in the digital age; the inner workings of the Trump Administration, and so on. But its greatest significance is because in matters of security and defence the relationships between the security/tech sector and national governments need to be charted more carefully, and more transparently. Whatever the truth of the JEDI saga might be, it matters, politically and strategically, that this convoluted tale should be unravelled and revealed.

Paul Cornish is an independent analyst and author, and a founding member of The Alphen Group

Twitter: @pncornish | LinkedIn: pncornish