On Jul. 22, the Defense Information Systems Agency announced a six-month extension of its Other Transaction Agreement to Booz Allen Hamilton for the execution of a Thunderdome Prototype, a zero trust security model that leverages commercial technologies such as Secure Access Service Edge and Software Defined-Wide Area Networks. This increased the pilot to a total of 12 months with an expected completion in January 2023.
The six-month extension is essential to allow DISA additional time to expand the Thunderdome pilot to include the Secure Internet Protocol Router Network and complete development, testing and deployment planning for the original unclassified prototype.
Thunderdome SIPR prototype development
The onset of the war in Ukraine has highlighted the importance of the Secure Internet Protocol Router Network and the need to ensure the U.S. Department of Defense has a modernized classified network that will securely protect data. SIPRNet is used by DOD and military services around the world to transmit classified information, up to and including, information classified as secret, however, the framework is antiquated and needs updating.
“DISA has made clear that we will not forget that the ‘fight’ is fought on SIPRNet,” said Christopher Barnhurst, DISA deputy director. “While we have been working on developing a zero trust prototype for the unclassified network, we realized early on that we must develop one, in tandem, for the classified side. This extension will enable us to produce the necessary prototypes that will get us to a true zero trust concept.”
While Secure Internet Protocol Router Network is undergoing a number of modernization efforts led by DISA, the Thunderdome prototype is an important part of the SIPR redesign process and will provide SIPRNet with the security benefits of a zero trust architecture. During this extension period, DISA will design and implement a SIPR zero trust production solution that is focused on improving and better securing the SIPRNet core infrastructure. This will provide DISA with improved visibility to ensure that people cannot access documents that they do not have the need to see.
Successfully Leveraging OTAs
By leveraging an Other Transaction Authority for Thunderdome, DISA has been able to appropriately scope the project as needed. OTAs have allowed DISA to be more agile and flexible to accomplish the objectives of an initial enterprise-wide zero trust solution.
The OTA also permits DISA’s Thunderdome program to collaborate and have more meaningful contract requirement discussions with vendors and sub-vendors in real time to successfully prototype a solution that could be taken into production. These ongoing conversations can better inform the program’s direction and can be revisited over the agreement’s period of performance.
Learn more about how DISA is seeing success with OTAs.
Integration with other DISA capabilities
Thunderdome will incorporate greater cybersecurity, centered around data protection, and integrate with existing endpoint and identity initiatives aligned to zero trust. Thunderdome will be a completely comprehensive and holistic approach to how the network operates – a major shift from the current architecture. As such, the extension will provide more time for better integration of DISA’s zero trust supporting capabilities.
Thunderdome’s secure access service edge will integrate with DISA’s Cloud Defensive Cyber Operations, situational awareness tool, Enterprise Comply to Connect, and Identity, Credential, and Access Management solutions. This increase in scope enables DISA to provide a more inclusive and complete enterprise deployment of zero trust capabilities for the DOD.
Looking to the future
While Thunderdome will modernize DISA’s cybersecurity infrastructure to improve its security posture, DISA continues to thwart adversaries and outside forces that affect its operations.
“This extension allows us additional time to better control the overall risk of deploying zero trust capabilities, prior to deployment,” said Jason Martin, director of DISA’s Digital Capabilities and Security Center. “With this additional time, we can conduct operational and security testing that was not originally planned for in the initial pilot. It will also permit us the necessary time to strategize on the best way to transition current Joint Regional Security Stacks users who will be moving to Thunderdome.”
Last year, the department made the decision to phase out the Joint Regional Security Stacks and transition to a new zero trust security and network architecture. DISA is actively developing a department-wide strategy where mission partners will transition from current cybersecurity solutions, such as JRSS, to Thunderdome or other zero trust implementations. The extended Thunderdome Other Transaction Authority will provide more time to better plan for transitioning JRSS users that will be migrated to an enterprise-wide offering of Thunderdome.
Focused on the warfighter
DISA remains steadfast in deterring our nation’s adversaries and accelerating our efforts to connect and protect the warfighter in cyberspace. We are taking bold and decisive action to ensure that the information technology supports our current and future warfighters and that our weapons systems are protected anytime, anywhere.
Thunderdome will help us to modernize our network and leverage industry advances in technology to deliver IT solutions that enhance security and data protections. Working shoulder-to-shoulder with our mission partners, we are focused on providing secure capabilities to the warfighter at a velocity of action to win.