The CIA is storing sensitive data on an Amazon cloud?

I did not know about many of those. I also didn't know that the DEA is considered an intelligence agency. Thanks for the information.

DEA is a recently recognized addition. I wrote a paper in 1993 that included the IC--FBI was the only voice from DoJ, and there were 13 recognized agencies instead of 17. Other changes--DoE's representation was just a representative on the Atomic Energy Commission, no real agency; Treasury's agency was the Office of Intelligence Support that gathered information from the Treasury's law enforcement bureaus, which, except for IRS, are no longer in Treasury (ATF to DoJ, Secret Service to DHS...), today they get information primarily from the SEC and FinCEN; and the Geospacial Intelligence Agency replaced NIMA, I'm guessing there was a transfer of authorities.

SFC John Gates - I'm trying to clarify what you were conveying in your post. Military networks such as soc.mil are built by defense companies such as General Dynamics as contractors, not by the military itself. DISA manages the project and has technical experts to scope it and lead it, but the majority of the ground level work is done by private companies. Also, the computers that run those networks are built by private companies, using software built by private companies, over internet cables built by private companies, displayed on monitors built by private companies, and typed on by keyboards built by private companies. The government is in the business of governing, not so much in the business of building products by themselves.

LTC Yinon Weiss wrote: "I'm not familiar with any products or services that the government has built on its own at a mass scale."

Sir, put on all of your gear. Look down. Most of what you see is built, retro-fited, or modified by your friends at ARL/AMC. Most of our specialized computer systems either are entirely custom or have customized software or applications.

We try to use commercial solutions as much as possible and it is not just a charitable desire to put money into the US Economy. It is a huge time savings and cost savings if there is something that already exists and is close. But in a way, that has kind of been warped. the example you give about missle systems...let's say they are built by Northrop Grumman, but really, the DoD is their only customer for that system (even foreign sales are managed through DoD). How would you then classify that as "commercial?" It's not. That is part of the problem we are having that leads to astronomical pricing models...but that's a different discussion.

CPT (Join to see) - The DoD may certainly manage projects, but if I look at my gear, I see civilian companies. My rifle is made by Colt, my optics are made by Trijicon or Nightforce, my boots are made by Rocky, our cameras are made by Canon, our machine guns are made by FN, our HMMWVs were made by AM General, our computers are made by Dell (though they don't actually make it themselves either), our radios are made by Thales, and our software is made by Microsoft. I have no doubt that ARL/AMC makes modifications when needed, but I would stand by what I said that the government has not built any products or services on its own at a mass scale, even if they are the only customer for it.

I would define "commercial" as something built for a profit. Just because the government custom orders a missile from Northrop Grumman doesn't mean the government built it... it just means Northrop Grumman is the producer and the government is the consumer. Maybe it's just a matter of semantics? I don't actually see us disagreeing on anything. My whole point is that a robust capitalistic economy is the greatest source of innovation and productivity that the world has ever known. Being able to harness it has always been to our nation's advantage.

I wish your picture was correct, but it isn't. We (the government) are the "innovators," but in general, we aren't good at it. The reason is the flash to bang is too slow. By the time we solicit requirements from end users (and this is a bit of a farce), draft the request for proposals, solicit bids, vet bids, go through the appeals process with the losers, begin development, test, go back through development, test, field...you're looking at ~5 years. We are building 5 year old requirements today. I would argue you that a commercial product is something that is sold on the open market. If it is literally labeled as "not commercially available" than I don't get how someone could argue it's commercial. If real world market factors could influence it, it would, in my opinion, make it better, but it doesn't and can't. That's why our software looks like it was written in 1995. Beyond software, there are many components that are 100% Army designed, but my be assembled by a company - like your ACUs which you failed to mention. But again, not commercially available and no market influences, no choice in design or input by the company. Consider a visit to Aberdeen Proving Ground; it will be an eye opener.

I hadn't been aware of the unclass version. The Sharepoint and similar servers I'm used to using are all owned and run by the military, and located on military installations. Thanks for the update, although I'm still concerned about releasing internal control over classified data.

Sir,
You may be surprised to find that there are multiple civilian companies that own and operate TS cleared facilities and have done so for years. They provide an asset that the military cannot provide and are not interrupted by deployments, briefings, and additional military training. Like the old skunk works that created some of America's greatest aircraft, companies like Rand/MITRE/CISCO/DELL and others provide key force enablers. One the intelligence side there isBooze Hamilton and others, check out the GSA schedules sometime and you may be surprised how much classified work is actually outsourced.

Good information, MSgt (Join to see). Thank you.

I hope you're right, CW5 (Join to see). I'm a little concerned about our government's ability to secure information that is stored on a site they don't directly control (heck, they don't have a stellar track record with sites they /do/ control), but I guess it isn't much bigger of a risk than vetting and clearing a civilian to handle this data...just on a larger scale. And as 1LT Sandy Annala pointed out, this data isn't truly classified, just sensitive.

All companies that are cleared to operate have to comply with USCYBERCOM directives which are worked in parallel with NSA policies. Each company is subject to Command Cyber Readiness Inspections (CCRI) and required Authority to Operate (ATO) certification. All of this is done by government oversight.

Good point, 1LT Sandy Annala. What had me concerned was the quote stating they are using it for the sharing of "sensitive" data. Although you're right, that doesn't necessarily mean classified, just FOUO.

1LT Sandy Annala respectfully, they do operate a classified version also.

...and probably not even raising to the level of FOUO.