The Defense Information Systems Agency announced the successful completion of its Thunderdome prototype. For the past 12 months, DISA has developed and implemented a zero-trust network access architecture, which will fortify the U.S. Department of Defense’s networks and deter the growing threats posed by adversaries intent on undermining U.S. national security interests and international order.
DISA’s Thunderdome prototype successfully proved that commercial technologies, including Secure Access Service Edge (SASE), Software-Defined Wide Area Networks/Customer Edge Security Stack (CESS) and Application Security Stacks, can improve both security and network performance in an existing enterprise environment. Thunderdome is a set of technologies that are integrated with, but not dependent upon, each other.
“China is our pacing threat,” said Lt. Gen. Robert J. Skinner, DISA director and Joint Forces Headquarters-Department of Defense Information Network commander. “China continues to challenge us at every turn. DISA, and JFHQ-DODIN, are working tirelessly to strengthen and sustain a cyber resilience advantage above our adversaries across all the warfighting domains.
“Thunderdome will help us achieve this advantage by making DOD’s networks more secure and thereby more challenging for threat actors to gain access to DOD systems. And our Thunderdome prototype validates our success.”
According to Brian Hermann, Ph.D., DISA’s Cyber Security and Analytics Directorate director, DISA met the success criteria for the prototype including the integration of SASE and CESS to enable conditional access to applications and resources based on user and device attributes as well as the user’s geolocation and time of use. Thunderdome can ensure that the right person is accessing the right data, on a managed device, from a trusted location at the appropriate time.
Thunderdome proved, with real users, that the solution works. DISA onboarded approximately 1,500 test users at three locations to use Thunderdome’s remote and on-premises capabilities to perform their daily responsibilities. Results showed that Thunderdome increased network performance, and DISA independently validated its services improved security.
“This is a huge advancement for DISA, and the department, on the zero-trust journey,” said Christopher Barnhurst, DISA deputy director. “Thunderdome has confirmed its potential by laying a zero-trust technology foundation, but the work doesn’t end there. To truly accomplish the department’s zero-trust goals, DISA’s next steps include changing the culture to implement policies and procedures to make use of zero-trust technologies and approaches in every program.”
Thunderdome’s success is a major milestone and a key step toward meeting the DOD chief information officer’s zero-trust targets.
DISA’s Thunderdome solution also aligns with several federal cybersecurity modernization efforts, including the president’s executive order on improving the nation’s cybersecurity, the DOD’s national defense strategy’s zero-trust, automation and cyber objectives, and the DOD CIO’s digital modernization strategy.
Beyond the security benefits of a zero-trust driven architecture and the additional data provided by Thunderdome, DISA’s prototype displayed increased network performance metrics for remote access. One of Thunderdome’s greatest benefits is that its architecture has significantly simplified network administration through automation, which improves performance and increases efficiency. With Thunderdome, policies are defined once, and get applied to all relevant devices automatically.
Additionally, DISA recently began deploying some of the zero-trust technologies used for Thunderdome’s unclassified prototype on its classified network. By doing so, Thunderdome’s tools can apply condition-based access controls to data on DISA’s classified enterprise network, making this network more secure.
DISA will seek approval for a production other transaction agreement from the Office of the Under Secretary of Defense for Acquisition and Sustainment to offer Thunderdome, across the department, for at-scale deployment.