The Defense Department’s slow migration to MilCloud 2.0 could pose unnecessary security risks, one lawmaker warned.
The slow migration to MilCloud 2.0 by Defense agencies and field activities is a “delayed realization of enhanced security, which is paramount in the light of most recent Colonial pipeline and SolarWinds cybersecurity attacks,” Rep. Stephanie Bice (R-Okla.) said during a June 29 hearing of the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems.
MilCloud 2.0 serves as a key component of DOD’s cloud strategy, offering commercial services and tools on-premise for DOD networks. Migration was originally scheduled to finish in 2020.
John Sherman, DOD’s acting CIO, testified that MilCloud 2.0 was a “powerful capability” but not a panacea.
“We are going to ensure that it’s being used where it can be used and ensure that the DAFAs [defense agencies and field activities] that need the [on-premise] capability that it provides are going to use it,” Sherman said, adding that the capability was not yet accredited at Impact Level 6 to secure classified data.
Sherman stressed that about a quarter of the Fourth Estate’s cloud migrations have been to MilCloud 2.0 with the rest to other cloud capabilities from Amazon, Microsoft and the Defense Information Systems Agency, which houses the Cloud Computing Program Office charged with executing DOD’s cloud plans.
“It’s a powerful arrow on our quiver,” Sherman said of MilCloud 2.0, “but not the only one and so that’s the approach I’m taking on this.”
But Bice pressed, saying things aren’t moving fast enough since the effort launched in 2018.
“One of the concerns I have,” she said, is “the time it is taking to actually get these services migrated to either cloud-based solutions or others that can protect our assets. We talked about MilCloud 2.0 being implemented in 2018, and here we are three years later with only a small percentage that have been migrated.”
This article was first posted to FCW, a sibling site to GCN.
