The FBI's Washington, D.C., headquarters building at night. 

Apr 04 2018

On the FBI’s Most Wanted List: Info on Commercial Cloud

The law enforcement agency is mulling adopting commercial cloud technologies and has sought input from industry.

The FBI is on a mission to consolidate its data centers. So, it shouldn’t be too surprising that the bureau is also interested in moving to the commercial cloud.

In mid-February, the FBI released a request for information (RFI) that asked industry for input on commercial cloud technologies, and hinted that the bureau is interested in a secure and large-scale cloud infrastructure. The RFI came amid the FBI’s decision to recompete a massive, $30 billion IT services contract, which expires in October.

The FBI took feedback on the cloud RFI through March 2. A cloud migration isn’t imminent (and likely would take a significant amount of time to complete in any case). However, the FBI’s exploration of commercial cloud suggests that even agencies that have previously been laggards on cloud adoption are now signaling a shift in that direction, as the White House pushes agencies to adopt more commercial cloud and shared services technologies.

SIGN UP: Get more news from the FedTech newsletter in your inbox every two weeks!

What the FBI Is Looking for in a Commercial Cloud Platform

The RFI notes that FBI CIO Gordon Bitko has determined that the cloud will help the agency solve two main challenges: hosting and managing Big Data and enabling IT operational excellence. “Cloud computing will allow the FBI to efficiently manage, operate and run a very large-scale computing infrastructure to deliver the capacity, availability and performance that will permit end users to focus on mission accomplishment,” the RFI states.

The FBI requested info so that it can assess the cloud marketplace and existing industry capabilities; identify and assess the major risks to any acquisition; identify and mitigate any potential barriers to competition; determine industry data and information needs to support proposal preparations; and identify areas that could be set aside for small business.

As would be typical with any cloud deployment, the FBI is seeking service from an established cloud service provider (CSP) with existing, large-scale commercial offerings to deliver Platform and Software as a Service capabilities that can provide on-demand service, broad network access, resource pooling, rapid elasticity and measured service. The CSP needs to offer a catalog of application, data, middleware and operating system options that are “regularly refreshed with innovative and disruptive technologies available in the commercial marketplace,” the RFI states. The CSP also needs to provide middleware functions such as identity management, security management, log analysis and audit capabilities.

Notably, any commercial cloud partner also needs to meet intelligence community security requirements for handling data classified as “Secret,” and needs to assure high availability and provide “significantly more cost-efficient computing than traditional approaches.”

The FBI also hints that its CSP partner must enable the processing of vast quantities of data and support artificial intelligence capabilities. The RFI says the cloud service must support “mission requirements of faster application development and more capability for big data management and cognitive computing” and be capable of “processing petabyte scale data volumes for users.” A petabyte is equivalent to a million gigabytes.

The CSP must also be certified to operate by the Federal Risk and Authorization Management Program (FedRAMP).

In addition to those capabilities, the RFI makes it clear that prospective CSPs should maintain at least two commercial multitenant data centers inside the United States with dedicated, firewalled space for government use that are more than 1,000 miles apart and are able to support about 50,000 users.

The FBI also wants to be able to retain responsibility for system authorization, facilities accreditation and connectivity to FBI networks to the data centers. Additionally, among other requirements, the FBI wants to be able to bring in its own cryptography to the data center environment.

FBI/Wikimedia Commons