HP Holds Navy Network “Hostage” for $3.3 Billion

Noah Shachtman
Noah Shachtman Former Brookings Expert, Executive Editor - The Daily Beast

August 31, 2010

Someday, somehow, the U.S. Navy would like to run its networks — maybe even own its computers again. After 10 years and nearly $10 billion, many sailors are tired of leasing their PCs, and relying on a private contractor to operate most of their data systems. Troops are sick of getting stuck with inboxes that hold 150 times less than a Gmail account, and local networks that go down for days while Microsoft Office 2007 gets installed … in 2010. But the Navy just can’t quit its tangled relationship with Hewlett-Packard. The admirals and the firm recently signed another $3.3 billion no-bid contract that begins Oct. 1st. It’s a final, five-year deal, both sides promise, to let the Navy gently wean itself from its reliance on HP. But that’s what they said the last time, and the time before that.

It’s become a Washington cliché that the military and the intelligence community rely too much on outside contractors. Everyone from President Obama to Defense Secretary Robert Gates has promised to cut back on Pentagon outsourcing. But the Navy’s ongoing inability to separate itself from Hewlett-Packard – after years of trying – shows how difficult that withdrawal is going to be.

Just to make sure its core networks keep running – to make sure marines and sailors can keep e-mailing each other on Oct. 1st — the Navy is paying Hewlett Packard $1.788 billion. (Insiders say Booz Allen Hamilton, another outside contractor, handled the negotiations with Hewlett-Packard for the military; Booz Allen the firm only “clarif[ied] technical matters within the contract language.”)

The service will spend another $1.6 billion to buy from HP the equipment troops have worked on for years, and to license the network diagrams and configuration documents, so that the Navy can begin to plan for a future in which they’re not utterly reliant on HP for their most basic communications. In essence, the Navy is paying to look at the blueprints to the network it has been using for a decade.

“HP is holding the Navy hostage, and there isn’t a peep about it,” one Department of the Navy civilian tells Danger Room. “We basically had two recourses: pay, or send in the Marines.”

The initial idea behind the project, called the Navy Marine Corps Intranet, was to combine a hodgepodge of 15,000 different systems into a single, manageable network. A single IT company, Electronic Data Systems, would own all the gear – from the routers to the servers to the mice – and operate it all for the Navy. That way, the sailors wouldn’t need to count on the military’s Paleolithic purchasing system for their tech. And they’d get the benefit of a proven sysadmin who was smarter, faster, more efficient and more flexible than any lumbering government bureaucracy. Original cost: $4.1 billion for five years.

Since then, NMCI has grown to become the second largest network in the world, trailing only the internet itself. More than 700,000 sailors, marines and civilians on nearly 400,000 computers in 620 locations throughout the United States, Japan and Cuba are connected. NMCI’s 4,100 servers handle more than 2.3 petabytes of data. And, in some ways, the project has to be counted as a success: All those old networks have been merged into one, and that one centrally-controlled network is far easier to operate and secure than the tangled messes you find in most military commands.

But the flexibility the Navy hoped for? Well, let’s just say NMCI operates with all the agility and responsiveness you’d expect from a centrally-managed, self-policing monopoly.

“When our computers are not being crippled by updates, and as long as we don’t have to call the help desk for anything (i.e. we don’t have any computer problems) then NMCI has somewhat stabilized,” another Navy civilian e-mails Danger Room.

Worse, HP — which acquired Electronic Data Systems and its Navy contract in 2008 — still operates under performance metrics set a decade ago. A typical workstation on the network costs the Navy $2,490.72 per year. That includes an e-mail inbox with a 50-MB capacity (Gmail’s: 7,500 MB), and 700 MB of network storage (compared to Evernote’s unlimited, free plan). Anything above that is extra.

A year’s use of a “high-end graphics” workstation sets the Navy back $4,085.64. Extra applications on a laptop or desktop computer can run anywhere from $1,006.68 to $4,026.72 annually. A classified Ethernet port — $9,300 to $28,800 per year, depending on where it’s located.

What’s more, HP isn’t required to take security measures like hard disk encryption, threat heuristics, and network access control that are common today, but were exotic in 2000. “Anti-spam services” runs the Navy $2.7 million per year under the contract. Cleaning up a “data spillage” – classified information that got placed an unclassified network – costs $11,800 per incident. In 2008, the Navy paid about $5 million to wipe the data from 432 compromised computers. That’s “almost 10 times the cost of simply destroying the affected machines and replacing them with new ones,” the Washington Times reported.

HP executive director Randy Dove calls the project the “most secure, flexible and functional network within the Department of Defense.” Dove’s company claims 87.5 percent of NMCI users surveyed said they’re happy with the service. But among sailors and marines, NMCI’s many alternate acronyms tell a different story: “No More Contracted Infosystems,” “Non Mission-Capable Internet,” “Never Mind Crash Imminent.” Sailors and marines complained of long network down times, waits of hours and days for technical support — and even longer for pauses for BlackBerries and other gear.

The NMCI contract wasn’t supposed to last a whole decade, originally. But the job of consolidating networks and keeping up with the Navy’s wartime data needs kept getting bigger and more complex. And once the Navy started counting on an outside contractor to keep its information flowing, the harder it became to part ways – despite the complaints from the troops and from independent auditors.

Current program manager Capt. Captain Scott Weller insists that “the Navy always had full command and control over NMCI.” But Navy officials like retired Adm. John Gauss provides a different perspective. “We gave up far too much control under NMCI,” he admits.

Yet the NMCI contract was revamped over and over again, each time for more time and more money. “After investing about 6 years and $3.7 billion on NMCI, the Navy has yet to meet the program’s two strategic goals — to provide information superiority and to foster innovation,” the Government Accountability Office concluded in 2006 (.pdf). A few months earlier, the Navy decided to extend the contract through 2010.

In 2008, Navy officials declared their intention to finally assume day-to-day control of their networks. Then they quickly reconsidered. Military leaders wondered whether they had the expertise to manage such a complex IT project. Contractors working on the Navy’s behalf shared those concerns. The Navy might be able to build an aircraft carrier, say. But those ships take a decade or more to build. Something as fast moving as IT? That requires a different metabolism, a different workforce and a different set of skills.

Then there was the question of intellectual property. HP owned all of NMCI’s designs. Without that information, the Navy couldn’t really begin to plan for the Navy’s Next Generation Enterprise Network, or NGEN. (The new network had to be based on the old one, after all.) Which meant the military needed yet another agreement with Hewlett-Packard if they ever hoped to separate from the company. “Without access to the infrastructure and technical data associated with NMCI, we can’t hold an open competition,” Capt. Tim Holland, NGEN program manager, told an interviewer.

A Department of the Navy civilian is more blunt: “On Oct. 1st, NMCI becomes NGEN – provided we meet HP’s list of terrorist demands.”