Is US military cloud safe from Russia? Fears over sensitive data
A technology company bidding for a Pentagon contract to store sensitive data has close partnerships with a firm linked to a sanctioned Russian oligarch, the BBC has learned.
The Jedi project, a huge cyber-cloud which could ultimately store nuclear codes, has already sparked security fears.
Viktor Vekselberg, who is close to the Kremlin, has links to the C5 Group, a cyber-investment firm which has worked closely with the leading bidder, Amazon Web Services (AWS).
Both C5 and AWS say C5 is not involved in the Jedi bid in any way.
All bids for the cloud are sealed. The Pentagon refused to comment, stating that information about companies involved could not be disclosed.
What is the Jedi contract?
In a bid to compete with Russia and China, the Joint Enterprise Defence Infrastructure (Jedi) is one of the most ambitious ventures the Pentagon has launched.
Instead of military data being stored on smaller servers across different departments within the Pentagon, the information will be held in a cloud.
The cloud is a term used to describe a number of remote servers, connected to the internet, which can store vast arrays of information and can be accessed from anywhere in the world.
Top military secrets will be transferred to the Jedi cloud, including classified details about weapons systems, military personnel, intelligence and operations.
It will provide soldiers on the front line with instant access to all of the latest intelligence, making them more effective on the battlefield.
- The risks of cyber-conflict with Russia
- Staying one step ahead of the cyber-spies
- Smart machines v hackers: How cyber-warfare is escalating
US Major General David Krumm, who helped to devise the contract, explained at its launch that having such information at the military’s fingertips would help the US win wars.
He said: “The information has to be available to an army platoon that a friendly unit is just around the block and will not open fire.
“It’s got to be available to a platoon of marines who are about to breach a door that an IED has been found.”
There have been warnings that if the Pentagon’s IT system is not updated urgently, then the US will “lose the future war”.
Huge global technology companies such as Microsoft, Oracle and IBM have submitted bids, with a decision due in April 2019.
Leading voices in the sector – including the other companies vying for the contract – say that Amazon Web Services (AWS) is the clear frontrunner.
Why is the project so controversial?
John Weiler, the director of the IT procurement group IT-AAC based in Washington, told the BBC: “I would not store my most personal data, nor would my fellow colleagues, in a commercial cloud, period, the end.”
He says there are huge risks to storing such classified information on a public, commercially-held cloud run by just one company.
“We have our nuclear codes, where our troops are going to be from one day to the next. If the cloud’s security is breached, then our enemies could use our information against us. They could be waiting for us.”
The Pentagon had to explain to Congress why it was only offering the contract to a single company, with calls for a cloud of this size to be run by multiple service providers to spread the risk of security breaches.
It said having just one cloud provider would better serve troops on the ground and would speed up access to vital information.
AWS also defended the US government’s position, stating: “A single cloud would be more secure than a multi-cloud environment.”
There have also been accusations that the bid has been written with just one company in mind, AWS, something the Pentagon denies, saying that the process has been transparent and impartial.
Questions have also been raised about AWS’ links to the C5 Group.
- Top banks in cyber-attack ‘war game’
- Children’s data exposed on cloud server
- Is cyber-warfare really that scary?
Who are Amazon Web Services and C5 Capital?
Amazon Web Services has grown to be the biggest cloud service provider in the world. A subsidiary of the online shopping company, it controls a third of the cloud computing market.
The C5 Group is a relative newcomer but within a few years it has raised £100m ($125m) to invest in cyber-security.
Despite AWS and C5 working together on a number of cloud computing projects all over the world, both companies have denied having a close relationship.
One of the many cyber-companies in the C5 group, C5 Accelerate claims on its website that it is “developing a Cloud Accelerator Cluster in Europe, the Middle East, Africa, and the United States, alongside Amazon Web Services”.
C5 maintains it has never made a joint contract bid with AWS of any kind in any country and has worked with other cloud service providers like IBM and Microsoft.
However, the vice-president of AWS, Teresa Carlson, and the man behind the C5 Group, Andre Pienaar, have toured the world promoting their companies’ relationship.
They have also joined forces on a project in the Middle East. AWS secured a contract to develop cloud-computing platforms for the Kingdom of Bahrain, and C5 came in to migrate government websites to the cloud.
Who is Andre Pienaar and how is he linked to Russia?
Mr Pienaar, the man behind the C5 group, is a well-connected South African with business ties to a wealth of illustrious names.
The board of one of his flagship companies, C5 Capital, features a roll call of some of the most influential and trusted figures in military and security circles on both sides of the Atlantic.
He also has links to Viktor Vekselberg, who is on the US sanctions list for his close ties to Vladimir Putin.
When the BBC asked Viktor Vekselberg if he knew Mr Pienaar, he said that for two-and-a-half years, Mr Pienaar was a paid portfolio manager for his businesses in South Africa. That role only came to an end earlier this year.
According to this version of events, he must have been working for Mr Vekselberg whilst running C5 and working on projects with Amazon Web Services.
When the BBC put that to Mr Pienaar, he denied having ever worked for Mr Vekselberg’s company, and said he had only advised them on a mining issue.
Shortly afterwards, Viktor Vekselberg’s spokesman came back to amend their earlier statement to match Mr Pienaar’s – which would suggest that they are still in contact.
How is his business, the C5 Group, linked to Russia?
Looking through the labyrinthine structure of companies around C5, the BBC has found an injection of Russian money.
One of C5’s subsidiaries, C5 Razor Bidco, brought in an investment of £16.1m in 2015, just as Vladmir Kuznetsov became a director and major shareholder of the company.
AWS stressed that it does not work with C5 Razor Bidco. However, C5 Razor Bidco is part of the C5 Group and is owned by Andre Pienaar.
Vladimir Kuznetsov is widely reported as being the trusted lieutenant of the sanctioned Russian oligarch Viktor Vekselberg.
He worked for the Russian oligarch from 1999 until earlier this year, when the sanctions against Mr Vekselberg led to mass resignations across the board of his business group, Renova.
Mr Kuznetsov told the BBC he had resigned from the majority of Mr Vekselberg’s companies in 2014, apart from remaining on the board of Renova Management until April 2018.
He denied being his “right-hand man”.
The BBC has also seen a document, published by an organisation called the Family Office Circle Foundation in 2016, which states that Mr Kuznetsov, who was speaking at one of their events, was from “Viktor Vekselberg’s family offices” and was “director of Renova Group”.
Mr Kuznetsov said his investment in C5 Razor Bidco was not influenced by either Mr Vekselberg or the Kremlin and the money came from his own bank account.
C5 said that the oligarch had not directly or indirectly invested in any of the group’s companies.
Mr Vekselberg said Mr Kuznetsov had never run “his family offices” and he had not made any investment in C5’s portfolio through Mr Kuznetsov or by any other means.
Who is Viktor Vekselberg?
His reputation in the US as a “nice oligarch” who spent his money on Fabergé eggs was tainted in April this year when the US government sanctioned him for his close ties to the Kremlin.
Mr Vekselberg has said he will appeal against the sanctions, which have proved costly to some of his multi-million pound businesses.
Former Pentagon official Michael Carpenter, who was the deputy assistant secretary of defence overseeing Russia, told the BBC that he believes Mr Vekselberg “poses a risk to the US”.
“Any oligarch in Russia, when called upon by the Kremlin, to do their bidding will do so, and that is the condition that they keep their wealth.”
Shortly after his name appeared on the US Treasury’s sanctions list, the billionaire was stopped as he tried to board a plane in New York.
Federal agents working for the Robert Mueller inquiry into alleged Russian interference in the 2016 US election questioned him and seized his electronic devices.
He denies any wrongdoing or involvement in President Donald Trump’s campaign.
It emerged earlier this year that Columbus Nova, a company affiliated to his Renova Group empire, paid £500,000 to Michael Cohen, Mr Trump’s lawyer at the time.
The money went to his company, Essential Consultants LLC, the firm he used as part of a “hush agreement” with Stormy Daniels to prevent her publicising her alleged affair with Mr Trump.
Andrey Shtorkh, a spokesman for Mr Vekselberg, told NBC News that neither Mr Vekselberg nor Renova “has ever had any contractual relationship with Mr Cohen or Essential Consultants”.
What is Skolkovo?
When the Skolkovo Innovation Centre was established by the Russian Prime Minister Dmitry Medvedev back in 2009, when he was Russia’s president, it was seen as the country’s answer to Silicon Valley.
Viktor Vekselberg was brought in to run it and has remained at the helm ever since.
It was described as an incubator of the latest technologies which would create thousands of jobs and help reduce Russia’s dependence on oil and gas, and allow it to compete with the West.
However, a few years after its inception, warnings of potential espionage came from both the US military and the FBI, accusations that Skolkovo and Viktor Vekselberg strongly deny.
Both the FBI and the US military have warned that the innovation centre, designed to rival California’s Silicon Valley, could be a front for “industrial espionage”.
Mr Vekselberg said it was with “great regret” that Skolkovo had been the subject of such criticism and that the centre worked closely with the US and many global technology companies as part of an “ecosystem” where “innovation and entrepreneurship can thrive”.