Insight by Verizon

DISA already preparing for what’s to come after Thunderdome to evolve zero trust

Through Thunderdome, DISA hopes to determine the abilities of SASE and SD-WAN to manage cybersecurity to the edge, but also knows that additional work will be n...

Even though the Defense Information Systems Agency’s main zero trust program is still in its infancy, the organization says it’s already looking ahead to see what it can do to improve cybersecurity with its application.

DISA awarded a $7 million prototype contract for Thunderdome early this year. The purpose of the project is to start building the foundation of its zero trust strategy, a completely new way the Defense Department wants to look at cybersecurity and network architecture.

“Thunderdome reflects a substantial shift to a next generation cybersecurity and network architecture for DoD,” according to Chris Barnhurst, DISA’s deputy director. “Rooted in identity and enhanced security controls, Thunderdome fundamentally changes our classic network-centric, defense-in-depth security model to one centered on the protection of data and will ultimately provide the department with a more secure operating environment through the adoption of zero trust principles.”

Planning ahead for cyber evolution

DISA is considering what is next for Thunderdome as it continues the prototype process, DISA Chief Technology Officer Steve Wallace said at AFCEA’s recent TechNet Cyber.

“We can’t jump to the next thing right away, but we knew at the onset that things like data tagging and decisions made based on that tagging were not part of the original Thunderdome,” he said. The agency must begin now to develop plans for what’s to come next, Wallace said.

To that end, DISA leaders are meeting regularly to ensure the best way forward for cybersecurity and identity management.

“We are trying to pilot a set of capabilities that we’ve identified as promising,” said Brian Hermann, director of DISA’s Cybersecurity and Analytics Directorate. “We’re partnering with the Air Force as well. We want to evaluate both the performance of those capabilities, as well as the interoperability. Given the size and complexity of our territory, we’re not going to have a single vendor or even a small number of vendors be part of this.”

DISA’s laser-focused on SD-WAN and SASE

Thunderdome specifically focuses on software-defined wide area networking (SD-WAN) and secure access service edge (SASE).

Hermann said SD-WAN is providing new opportunities to manage transport infrastructure. With SASE, DISA will be able to help drive edge security by weaving network security and network services into a cloud capability.

“We merge that together with our cybersecurity infrastructure and then we’re getting away from a separate set of things for cybersecurity versus transport, it starts to blend together,” he said.

“In the Department of Defense, we have a design backbone. We have connections to the separate networks that are part of the services networks,” Hermann explained. “How we manage that transition from their networks to the design backbone will determine whether or not we get the performance that we’re trying to achieve with SD-WAN across the network.”

The larger goal is to build interoperability within the zero trust model so that DISA can accept variances or different solutions when using it, Hermann said.

Tapping OTAs to award prototype initiatives

DISA used its other transaction authority (OTA) to award the Thunderdome prototype. That method is usually used to set agreements with nontraditional defense contractors. But Hermann said DISA used its OTA power differently in this instance.

“The more I thought about it, the more I realized that the reason for using an OTA is because we needed the novel technologies that come directly from the vendors that provide those capabilities, but we needed a knowledgeable layer of vendor integration,” he said. “The integration brought those together so that we could ensure that we are addressing the complexity and the size of the DoD networks.”

DISA’s push for Thunderdome stems from a governmentwide interest in zero trust. Last May, the Biden administration put out an executive order on improving cybersecurity, mandating that government agencies stand up zero trust architectures by August 2024.

Copyright © 2024 Federal News Network. All rights reserved.
