There have been court cases, accusations of unlawful contract award and a judge saying that two rival technology heavyweights both failed to meet minimum quality thresholds. But a bitter clash between Vodafone and Fujitsu over who gets a new £184 million contract to run secure networks for Britain's diplomats globally is now over; with Fujitsu signing the "ECHO 2" contract on the dotted line four years after it was first floated by HMG.
The Foreign Office (FCDO) had controversially awarded the deal to replace the existing "ECHO 1" contract to Fujitsu in July 2021. The decision resulted in legal action by incumbent Vodafone, which had inherited the 2010 network -- running across 500+ sites in 180+ countries -- from Cable & Wireless; now part of Vodafone.
ECHO 1's replacement has been long steeped in legal wrangling: In 2018, with ECHO 1 nearing end-of-contract and amid warnings that the network could be insecure, the FCDO launched procurement for a replacement framework. Vodafone won the award but following a challenge by Fujitsu procurement was abandoned.
See also: MOD to ditch 36-year-old encrypted comms system
(The framework was for a Network Service Integrator (NSI) running overall support to the network, private circuits (MPLS), satellite connectivity (VSAT) and the supply of a Secure Internet Gateway (SIG).
Vodafone argued in late 2021 that claims ECHO 2 was urgently needed for security reasons -- something being used to justify faster movement on the status of the contract -- were undermined by what a judge overseeing the case paraphrased as "the insouciant leisurely pace at which governance issues were addressed and the concern to use the time to help fend off any legal challenge, rather than address any genuine security issue."
(It had further argued that the FCDO took a "risk based decision" not to implement certain security improvements to the ECHO 1 system offered by Vodafone, "evidently" as Justice Kerr put it "on cost grounds. That must have been because any security concerns were not sufficiently pressing to justify the cost...")
ECHO 2: Fujitsu's tender response had "significant deficiencies"
A lawsuit filed by Vodafone in October 2021 resulted in the public revelation that the government's procuring bodies (The FCDO and the British Council) had determined that Fujitsu's initial tender response had "significant deficiencies resulting in a technical solution that is likely to be unfit for purpose, and requiring workarounds."
Vodafone's, however, had scored even worse. The company had argued, however, that losing the contract would -- per a judge's summary of its argument -- "delay Vodafone's project to establish a UK Sovereign Secure core platform hosted within UK non-public cloud data centres. The blow to reputation would be all the worse because Vodafone is the longstanding incumbent provider and previous winner of the aborted 2018-19 procurement."
The case went to trial in early 2022 behind closed doors for national security reasons.
Fujitsu clearly won its case (the company has made a strong comeback from a reported 2012 blacklisting by the Cabinet Office from HMG contracts). The extent to which Vodafone won sought damages is unclear. Fujitsu declined to comment to The Stack as did the FCDO. Vodafone has also been contacted for comment.
Follow The Stack on LinkedIn today
The ECHO 2 framework will now finally see Fujitsu provide the following:
- Implementation services
- Operational Services.
- Elective services available for consumption by the customer via optional call offs
- A resilient network traffic management capability using next generation networking technologies.
- Global connectivity services — multi-protocol label switching (MPLS) connectivity, "providing the customer with the ability to route network traffic over MPLS links from overseas sites to the UK and between overseas sites with guaranteed capacity and performance levels. Very small aperture terminal for sites where the provision of other forms of connectivity are not available or a backup connection is required"
- Secure internet gateway
- Software defined perimeter — "providing the customer with secure remote connectivity enabling access to its data and applications through a network security framework that dynamically creates one-to-one network connections between each user and the resources that they access."
- Next generation firewall — "providing the customer with next generation firewall technologies, enhancing and complementing the traditional stateful inspection firewall with other network device filtering functions, such as but not limited to, in-line deep packet inspection, intrusion prevention system and application awareness."
- Encryption devices for Official tier data in transit.
- Service management
- Optional services
- Session border controllers — "support public switched telephone network and cloud unified communications integration to the customer's voice over IP platforms, migrating from legacy in country PSTN solutions."
- "Technical integration of the Supplier's ITSM toolset with the ITSM toolsets of the customers... transition and cutover to new arrangements prior to the expiry of the existing contract."
- Common services and collaborative call-off contracts
Other public sector clients such as the National Crime Agency, the Ministry of Defence, Her Majesty's Revenue and Customs and the National Health Service are expected to use ECHO 2 also.
It was not clear who the third bidder for the contract was.