Republican lawmakers want answers from Jeff Bezos on Amazon Web Services security before the $10 billion defense cloud contract is awarded
- A trio of Republican Congressman on the House Oversight Committee have sent an open letter to Amazon CEO Jeff Bezos.
- In it, they expressed concernes about the Capital One breach and the underlying security of Amazon's cloud, Amazon Web Services.
- AWS is widely considered to be the frontrunner to win a winner-take-all contract to provide cloud services for the defense department and the letter implies this breach may harm Amazon's chances.
Three Republican Congressman on the House Oversight Committee have some questions for Amazon CEO Jeff Bezos about the security of Amazon's cloud, Amazon Web Services.
They sent a letter to Amazon on Thursday expressing concerns about the Capital One breach and the underlying security of AWS.
Amazon, with its market leading cloud, is widely considered to be the frontrunner for a winner-take-all contract to provide cloud services for the defense department. This contract, known as the Joint Enterprise Defense Infrastructure (JEDI), is worth up to $10 billion over 10 years.
The lawmakers who sent the letter are Jim Jordan (R-OH); Michael Cloud (R-TX) and Mark Meadows (R-NC), and it was sent in response to Capital One's major hack, and AWS's role in that hack.
A former AWS employee, Paige Thompson, has been arrested and accused of being behind the attack. Capital One famously uses AWS. That hack affected the personal information of over 100 million people, including some Social Security and bank-account numbers.
AWS has acknowledged in other news reports that Thompson was a former employee and that Capital One is one of its customers. But Capital One has said that Amazon was not at fault, and the criminal complaint seems to back that up. The complaint says that the hacker discovered and used a "misconfiguration" of a computer security device known as a firewall.
A misconfiguration is a common mistake made with software and it doesn't indicate any inherent security vulnerabilty in the software or the underlying hardware. That underlying infrastructure is the part that Amazon provides. Capital One even credited the cloud for helping it find and analyze the hack quickly, in 10 days.
"AWS services or infrastructure were not compromised in any way," a person familiar with the matter told Business Insider.
Still, lawmakers say that they want to investigate because the government is on the brink of trusting AWS with some of the nation's most sensitive data.
"Because AWS will provide the trusted Internet connection and cloud support for the 2020 Census and could potentially run the Department of Defense's Joint Enterprise Defense Infrastructure cloud computing system, the Committee may carefully examine the consequences of this breach," the letter said.
Amazon should be equipped to respond. It has already achieved an armload of federally mandated security certifications and is the cloud of choice for a number of federal agencies.
But the fact that these lawmakers have brought up the JEDI contact is interesting. JEDI competitors have been lobbying President Trump to try and stop the award from going to Amazon, the biggest cloud competitor out there. Such pressure means that Microsoft has become a real contendor for the contract, even though Amazon is said to have more of the cloud features that department departments want in a cloud provider.
On Thursday, Trump's Secretary of Defense put the award of this contract on pause so his office could personally review it.
Washington's anomosity towards Amazon these days seems to be one of the few things that both parties agree on. Trump has routinely fueded with Amazon CEO Jeff Bezos, who also owns the Washington Post. And the FTC has begun asking questions about Amazon.
Meanwhile Democrat presidential hopefuls have been slamming Amazon for paying no federal taxes with some, like Elizabeth Warren, even calling for Amazon to be broken up.