Rep. Stephanie Bice (R-Okla.) called it a "delayed realization of enhanced security" amid recent high-profile cybersecurity attacks.
Lawmakers are worried that delays to the Defense Department's plan to migrate legacy systems to cloud-based solutions could hamper national security.
At a House hearing on June 29, Rep. Stephanie Bice (R-Okla.) drilled in on the pace of cloud migrations.
Defense agencies and field activities' slow migration to MilCloud 2.0 is a "delayed realization of enhanced security, which is paramount in the light of most recent Colonial pipeline and SolarWinds cybersecurity attacks," Bice said during a Subcommittee on Cyber, Innovative Technologies, and Information Systems hearing on DOD's IT budget for 2022.
MilCloud 2.0 serves as a key component of DOD’s cloud strategy, offering commercial services and tools on-premise for DOD networks. General Dynamics' IT is the prime on the nearly $500 million contract first awarded in 2017. But earlier this year, GDIT added Amazon Web Services to provide off-premise cloud hosting services, according to Washington Technology, an FCW sibling publication. Migration was originally scheduled to finish in 2020.
John Sherman, DOD's acting CIO, testified that MilCloud 2.0 was a "powerful capability" but not a panacea.
"We are going to ensure that it's being used where it can be used and ensure that the DAFAs [defense agencies and field activities] that need the [on-premise] capability that it provides are going to use it," Sherman said, adding that the capability was not yet accredited at Impact Level 6 to secure classified data.
Sherman stressed that about a quarter of the Fourth Estate's cloud migrations have been to MilCloud 2.0 with the rest to other cloud capabilities from Amazon, Microsoft and the Defense Information Systems Agency, which houses the Cloud Computing Program Office charged with executing DOD's cloud plans.
"It's a powerful arrow on our quiver," Sherman said of MilCloud 2.0, "but not the only one and so that's the approach I'm taking on this."
But Bice pressed, saying things aren't moving fast enough since the effort launched in 2018.
"One of the concerns I have," she said, is "the time it is taking to actually get these services migrated to either cloud-based solutions or others that can protect our assets. We talked about MilCloud 2.0 being implemented in 2018, and here we are three years later with only a small percentage that have been migrated."