When a cyberattack hits a commercial enterprise, the consequences are measured in financial losses, reputational damage, and regulatory exposure. When a cyberattack compromises the IT systems connecting U.S. diplomats to classified communications, sensitive negotiation data, and global intelligence networks, the consequences are measured in diplomatic outcomes and national security equities that no insurance policy covers.
That asymmetry between the mission stakes of federal IT and the security posture that aging government infrastructure can sustain is the core risk that the U.S. Department of State’s Evolve contract is designed to address. And with Leidos securing awards across all four functional categories under the programme, the contract represents one of the most significant federal IT modernisation mandates of the current cycle: a seven-year, $10 billion ceiling vehicle covering cloud and data centre services, application development, network and telecommunications, and customer support across one of the most geographically dispersed and operationally demanding IT environments in the federal government.
The scale of what this contract undertakes deserves careful examination not just as a government procurement event, but as a signal about the infrastructure requirements of modern diplomatic operations and the security architecture demands that come with protecting them at global scale.
The State Department’s IT Challenge Is Unlike Any Other Federal Environment
The framing from Leidos Digital Modernization President Steve Hull that the State Department runs one of the most globally dispersed IT environments in the federal government is not rhetorical modesty. It is a precise description of a genuinely exceptional infrastructure challenge.
U.S. embassies and consulates operate in every region of the world, including in countries with actively hostile intelligence services, unreliable telecommunications infrastructure, and physical security environments that create unique constraints on how IT systems can be maintained, accessed, and protected. Embassy staff and diplomats depend on IT systems that must perform reliably across this full range of environments from high-bandwidth, stable network conditions in allied capitals to low-bandwidth, high-latency, high-risk environments in conflict zones and adversarial states.
Security requirements in this environment extend well beyond the conventional enterprise threat model. The State Department’s networks carry classified diplomatic communications, personnel data for staff operating in sensitive environments, and the operational systems that support consular services for millions of American citizens abroad. Adversaries specifically targeting State Department systems include the most sophisticated nation-state cyber programmes in the world the same actors that regard diplomatic intelligence as among the highest-value targets in their collection priorities.
Maintaining zero trust security, reliable connectivity, and continuous monitoring across hundreds of embassy and consulate locations globally with staff who need systems that work regardless of local conditions is the infrastructure problem that Evolve is structured to solve. It requires a programme scope that spans cloud architecture, legacy application modernisation, global network infrastructure, and end-user support simultaneously, which is exactly the four-category structure that Leidos’s awards cover.
Zero Trust at Global Embassy Scale Why This Is Harder Than Enterprise Deployment
Zero trust security has become a federal mandate following the Biden administration’s 2021 executive order on improving national cybersecurity and CISA’s subsequent zero trust maturity model. The conceptual framework is well-established. The implementation challenge at State Department scale is considerably more complex than the enterprise deployments that most zero trust guidance assumes.
Zero trust implementation in a standard enterprise environment assumes relatively stable network topography, consistent endpoint management capability, and reliable connectivity between users and the identity verification infrastructure that zero trust access decisions depend on. Embassy environments undermine several of these assumptions simultaneously.
Diplomatic staff in high-risk environments may be operating on constrained or monitored network connections where every authentication request carries potential exposure. Field deployments require zero trust policies that function when connectivity to centralised identity infrastructure is degraded or intermittent. Endpoint diversity across a global embassy estate creates device management complexity that centralised IT organisations handle with standard tooling at far lower scale.
Leidos’s experience in cloud migration and zero trust security for federal environments built through prior federal programmes including defence and intelligence community work provides the implementation depth that scaling zero trust across this specific environment demands. The combination of automation and continuous monitoring that Leidos brings to the programme is the technical architecture that makes zero trust viable across hundreds of globally distributed locations without requiring proportional growth in the centralised security operations staff managing it.
For the federal IT community tracking zero trust implementation progress across civilian agencies, the State Department’s Evolve programme under Leidos represents one of the most demanding real-world deployment scenarios in the current federal modernisation cycle. How zero trust performs across the embassy estate in terms of both security effectiveness and user experience for diplomats whose mission depends on reliable system access will produce implementation lessons with broad applicability across the federal landscape.
Application Modernisation in a Mission-Critical, Legacy-Heavy Environment
The application development services category within Leidos’s Evolve awards addresses a challenge that is common across federal agencies but particularly acute for an organisation with the State Department’s global operational footprint and institutional longevity: the accumulated weight of legacy applications that were built for a different technology era and have been sustained through decades of incremental modification rather than systematic modernisation.
Legacy application debt in federal environments creates security exposure that is structurally different from the vulnerability management challenges associated with current-generation software. Older applications were designed before zero trust principles, before modern identity and access management frameworks, and before the API-driven integration patterns that contemporary security monitoring depends on. They frequently cannot be instrumented for the telemetry that modern Security Operations Centres require, making them detection blind spots even within well-monitored infrastructure environments.
Application modernisation at the scale and complexity of the State Department’s global portfolio supporting consular services, diplomatic communications, personnel systems, and mission-specific applications across diverse operating environments requires the kind of structured, iterative approach that indefinite delivery indefinite quantity vehicles are specifically designed to enable. Rather than a single transformation programme with fixed requirements, Evolve’s IDIQ structure allows application modernisation to proceed in prioritised tranches as mission requirements and security risk assessments identify the highest-value modernisation targets.
For federal IT leaders watching the State Department’s programme, the application development category under Evolve is the component that will most directly determine whether the broader infrastructure modernisation delivers the security improvement it promises because zero trust controls applied around legacy applications with inadequate telemetry and weak internal security architecture produce a perimeter around vulnerability rather than a resolved risk.
Network Modernisation Across Environments That Test Every Infrastructure Assumption
The network and telecommunications category in Leidos’s awards sits at the foundation of every other capability the Evolve programme delivers. Cloud services, zero trust access controls, and application security all depend on network infrastructure that can deliver the connectivity, reliability, and security properties that the rest of the architecture assumes.
State Department network modernisation is a programme that operates against an unusually wide range of environmental constraints. High-bandwidth, low-latency connectivity supports mission functions in stable allied environments but cannot be assumed globally. Satellite and alternative connectivity paths serve embassy locations where terrestrial infrastructure is unavailable or compromised. Network security must function against adversaries who have both the technical capability and the intelligence motivation to target State Department communications at the infrastructure layer.
AI-driven operations which Leidos brings to the network management component of the programme addresses the monitoring and response challenge that this infrastructure diversity creates. Manually maintaining network visibility and anomaly detection across hundreds of globally distributed embassy network environments is not viable at the staffing levels any federal programme can sustain. Automated monitoring, AI-assisted anomaly identification, and intelligent routing optimisation allow the network operations function to scale its coverage without scaling its headcount proportionally.
The telecommunications resilience dimension of this category ensuring that embassy communications networks remain functional in degraded, contested, or disrupted environments is the infrastructure requirement that distinguishes State Department network modernisation from standard enterprise network programmes. It is a capability that directly supports the diplomatic mission in the circumstances where that mission matters most: crisis conditions, conflict zones, and geopolitically sensitive environments where network reliability is both most critical and most threatened.
The Federal IT Modernisation Pattern This Contract Reflects
The Leidos Evolve awards are part of a broader federal IT modernisation pattern that has accelerated significantly since the 2021 cybersecurity executive order established zero trust, cloud security, and improved information sharing as governmentwide imperatives.
Large-scale IDIQ vehicles covering the full stack of IT services infrastructure, applications, network, and end-user support have become the preferred procurement architecture for federal agencies managing complex, multi-year modernisation programmes. The structure enables continuous capability delivery rather than the periodic large-contract cycles that historically slowed federal IT modernisation relative to private sector technology adoption.
For the federal IT and defence contracting community, the Leidos Evolve awards confirm several market dynamics that have been building across the federal IT services sector. Integrators with deep federal security credentials specifically zero trust implementation experience, AI-driven operations capability, and global network modernisation track records are capturing the largest and most consequential modernisation contracts as agencies shift from component procurement to programme-level partnerships that can manage transformation complexity across the full IT lifecycle.
The $10 billion ceiling over seven years positions Evolve as a programme that will shape the State Department’s IT architecture across most of the decade. For Leidos, the four-category award scope creates the cross-domain visibility and integration authority that major IT modernisation programmes require to deliver coherent outcomes rather than technically excellent components that don’t collectively advance the mission.
What the State Department’s Programme Signals for Federal Security Buyers
For federal agency CISO and CIO leadership watching the State Department’s programme, the Evolve architecture IDIQ structure, multi-category scope, zero trust and AI-driven operations as foundational requirements is worth examining as a programme design model rather than simply a procurement announcement.
Agencies with globally dispersed or operationally complex IT environments face analogous modernisation challenges to those the State Department is addressing through Evolve. The combination of cloud migration, zero trust security, application modernisation, and AI-driven network operations that Leidos is delivering addresses the structural risk accumulation that most federal agencies have built up through decades of incremental IT management without systematic architectural renewal.
The security posture improvement that a programme of this scope can deliver moving from the reactive, signature-based security model embedded in legacy federal IT to the continuous monitoring, zero trust access control, and AI-assisted threat detection that modern adversaries require is not achievable through point solution procurement. It requires the kind of integrated programme authority that Evolve’s structure, and Leidos’s four-category award scope, provides.
For diplomats and embassy staff whose mission depends on systems that work reliably and securely in every environment they operate in, the Evolve programme represents a commitment to the infrastructure that diplomatic effectiveness in the current geopolitical environment demands. For the federal IT community, it represents a case study in how to structure modernisation programmes at the scale and complexity that the most demanding federal missions require.
Research and Intelligence Sources: Leidos
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
