recommended reading

Amazon Sues Over CIA Cloud Deal


This story has been updated to include comment from IBM.

Amazon is suing the government over a $150 million contract for a massive intelligence community computer cloud that the CIA first awarded to the Web giant but later yanked after an auditor said the intelligence agency gave Amazon an unfair advantage.

Amazon filed its suit in the U.S. Court of Federal Claims on July 24. The complaint is sealed because Amazon said it contained proprietary information.

“We believe strongly that the CIA got it right the first time," an Amazon Web Services spokeswoman said in an email. "Providing true cloud computing services to the intelligence community requires a transformative approach with superior technology."

Amazon Web Services is Amazon's cloud computing division. 

"We believe that the CIA selected AWS based on AWS’ technically superior, best value solution, which will allow the agency to rapidly innovate while delivering the confidence and security assurance needed for mission-critical systems," the spokeswoman continued. "We look forward to a fast resolution so the agency can move forward with this important contract."

Federal Computer Week first reported on the lawsuit on July 24.

IBM also competed for the cloud contact and challenged the award to the Government Accountability Office, which recommended CIA rebid the contract by August 6.

IBM intervened in the Court of Federal Claims suit July 25, noting that it stands a good chance of winning the rebid contract and that “Plaintiff [Amazon Web Services] now seeks to enjoin the agency from executing its corrective action.”

The Court of Federal Claims is typically the final stop for government contracting disputes that can’t be resolved by the GAO. GAO decisions aren’t binding but agencies often follow them. 

IBM said in a statement: "Now more than ever, the United States Government needs the safety and security of IBM's decades of experience in managing sensitive data."

CIA gave Amazon a leg up on the initial cloud contract because it agreed during post-award negotiations to weaken a requirement that all software in the cloud be verifiably free from computer viruses that might let unauthorized people see intelligence data, GAO found.

Amazon asked that it only be required to vouch for software it had built itself, not for third party and open source software it planned to include in the system. If IBM had known in advance that requirement might be loosened, that could have substantially changed both the company’s bid and its competitiveness, the auditor said.

The planned CIA cloud will be built on government property with a high level of security, according to the GAO decision. It will include both infrastructure-as-a-service and software-as-a-service components. That means intelligence agencies will be able to use the cloud as a storage space for their own operating systems and also rely on operating systems provided by the vendor.

Computer clouds typically offer cheaper storage space than traditional government data centers and allow agencies to perform more complex computing operations with larger amounts of data.

(Image via RoboLab/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.