DISA to deploy Thunderdome to 60 sites, plus Coast Guard

Less than a year after awarding the $1.86 billion contract for the Thunderdome cybersecurity initiative, the Defense Information Systems Agency is preparing to roll out its zero-trust capabilities to 60 sites this year. 

The agency has also completed the contracting process to support the Coast Guard’s efforts to strengthen its networks.

“We just completed the contracting effort to get underway with the Coast Guard work. There are some site surveys and things that need to be done, but that will be additive work on top of the planned work,” Brian Hermann, DISA’s director of the cybersecurity and analytics directorate, told Federal News Network. 

The Southern Command, the European Command, and the Africa Command are also considering working with the service provider. This will help the commands get off of the legacy Joint Regional Security Stacks, a widely criticized program that once promised to improve the Pentagon’s network security posture. The Pentagon is rushing to sunset JRSS by 2027 as it’s working to achieve the target level of zero trust by the same year. 

The agency plans to bring the Thunderdome zero trust architecture to 14 more sites in the coming year. 

Hermann said the agency will first focus on organizations that are already part of DoDNet, which currently supports users from DISA, the Defense Technical Information Center and the Defense POW/MIA Accounting Agency and the Defense Technical Information Center on the unclassified and classified sides. The goal is to get those sites up to the required zero trust standards. 

Once more agencies migrate to DoDNet, they will have the Thunderdome zero trust architecture in place to enhance security of their networks.

“Over time, as they come on board to DoDNet, they will get the Thunderdome architecture as a basic part of their commodity IT. That’s helpful for them and it’s helpful for the department because then we know that those organizations will have achieved certain elements of zero trust target state, which we’re all required to achieve by the end of fiscal 2027. So we expect there will be more organizations that come on board Thunderdome,” said Hermann.

Key components of Thunderdome

The Thunderdome project comprises four key components, including customer security stacks and software-defined wide area networking — those were combined into one function that sits at the edge of the network enclave. 

Thunderdome also provides secure access service edge capability, which replaces traditional virtual private networks. And the final component the agency deploys under Thunderdome is application security stacks to provide protections and segmentation functions and prevent unauthorized movement.

“That’s a complicated effort for the department because we have at least four different commercial cloud providers that work with the department — Google, Amazon, Microsoft and Oracle. And then we have legacy on-prem data centers, which include some elements of cloud even in those areas. It was really important to us that we looked and found a way to secure applications in those spaces that didn’t have to be different for every cloud environment that we find ourselves in,” said Hermann.

Before rolling out the program to 15 sites last year, the agency tested out those capabilities at three sites. It then brought in the Joint Interoperability Test Command to evaluate whether the technologies were meeting zero trust goals. 

“Once that was proven out, that’s when we embarked on the 15 deployments and now expanding,” said Hermann. 

Hermann said the agency uses the Thunderdome moniker for all things related to zero trust, including identity, credential and access management (ICAM) capabilities, and capabilities the DoD has received as part of its Microsoft 365 E5 licensing, such as Microsoft Defender.

Security orchestration to provide automation

As the agency rolls out the Thunderdome architecture, the service provider is honing in on a key part of the effort — making sure the cybersecurity tools are linked up so they can share information rather than being stovepiped and adding automation to help operators manage large volumes of security data.

“We know that the proliferation of multiple tools and mountains of data make work hard for them. And so part of this is where that AI kind of capability plays in. Let’s take a look at those mundane activities that we know how to respond to and if that solves for 75% or 80% of their workload, then we can have those same people using their minds on the higher end fight. This is really important to us to get after that automation, and AI definitely plays a part in what we’re doing,” said Hermann. 

To get after automation, the agency is evaluating a capability called Perceptor, an AI/ML platform operated by the Chief Digital and Artificial Intelligence Office, that will be part of the Thunderdome architecture.

“We are working that in the background between our Thunderdome team and our analytics and data team in cybersecurity in the program executive office for cybersecurity here at DISA. We’re actually doing that now. It’s live. It hasn’t necessarily become yet the standard way that our defensive cyber operators work. That’s partly because we need to prove it out. And we need to have the tools to build the rules so that we can automate those things and be confident that we’re getting what we need out of that,” said Hermann. “There is ongoing work there. It has been implemented, we’re doing it in secure commercial cloud.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.