The Department of Defence has gone to market for a cloud provider to deliver an infrastructure-as-a-service (IaaS) platform that will underpin its planned secret-level cloud environment.
Defence issued an expression of interest for the first tranche of the program on Wednesday after revealing plans to establish multi-vendor secret cloud services hosted in Australia last month.
The program stems from a growing need for security, policy and intelligence agencies, as well as emergency services, to “collaborate effectively and efficiently at the secret security classification”.
A further two tranches focused on a future expansion of the IaaS platform, as well as additional platform-as-a-service and software-as-a-service services, are planned for later in the year.
Defence currently has access to public cloud services at the official and protected security classifications, but relies on multiple secret networks to collaborate at the secret security level.
However, according to the department, these “siloed information systems and the use of disparate networks” have reached a point where they are hampering collaboration and coordination efforts.
The secret IaaS platform is also expected to be made available to Department of Home Affairs and the Department of Foreign Affairs, and potentially other agencies in the future.
“The establishment of an Australian government pathway to secret cloud capabilities will enhance interagency collaboration, support critical decision making and uplift national infrastructure,” Defence said.
Tranche one of the three-tranche program is focused on “rapidly establish[ing] a foundational secret IaaS cloud service” for two use cases: enterprise hosting, and large and high-volume data.
In the case of large and high-volume data, the platform will be used to ingest large payloads like sensory, imagery and audio data files, as well as other sensitive information for decision makers.
Defence said it only wishes to engage cloud service providers for tranche one, not system integrators or cloud implementation companies, but acknowledges that subcontracting might need to occur.
Cloud providers need to have existing services that is accredited as a “certified strategic service” under the government’s hosting certification framework, or have an application in progress.
Seven cloud providers have been accredited as certified strategic by the Digital Transformation Agency to date: Amazon Web Services, AUCloud, Kyndryl, Microsoft, Oracle, Sliced Tech and Vault Cloud.
Defence expects the platform be “ready for accreditation at the secret level for the Defence environment within six months of contract signing”, which is slated for the end of the year or early 2023.
It said the platform may be delivered as an MVP, noting that its broader ecosystem of “governance, management, orchestration and connectivity of secret cloud services may not be fully in place”.
The reason for the haste – which is unusual for a federal government department – is unclear, though there is some suggestion Defence was prompted after Microsoft walked away from negotiations with the Office of National Intelligence over the provision of top-secret cloud services.
