The Defense Information Systems Agency’s (DISA) technology chief today offered a glimpse into the future capabilities of the agency’s Thunderdome program, and said data is at the top of that list.
At AFCEA NOVA’s DoD Enterprise IT Day, Steve Wallace, director of emerging technology and chief technology officer (CTO) at DISA, said the agency continues to make progress on the Thunderdome program, but he envisions a future where the program incorporates a data pillar — a critical component of the Pentagon’s zero trust strategy which is currently absent in the Thunderdome program.
DISA began work on Thunderdome in January 2022 when it awarded a $6.8 million contract to Booz Allen Hamilton for the execution of a prototype for a zero-trust security solution that aligned with President Biden’s 2021 cybersecurity executive order.
Booz Allen Hamilton, following the completion of the prototype, was also awarded a follow-on production other transaction authority agreement as DISA transitioned Thunderdome from the prototyping to the production phase.
DISA has deployed its Thunderdome program to 40 sites and overall plans to roll out its zero trust program to 60 sites in fiscal year 2024.
In its current state, Thunderdome consists of four components — customer security stacks, software-defined wide area networking, secure access service edge capability, and application security stacks.
The Defense Department’s (DoD) zero trust strategy outlines seven pillars necessary in a zero trust architecture — user, device, network and environment, application and workload, data, automation & orchestration, and visibility and analytics.
According to Wallace, DISA intentionally left out any data efforts because given the time constraints in delivering the program, “we couldn’t give it the necessary attention.”
While the Thunderdome team elected to not include a data pillar in the program, it remained a critical challenge for the agency. But today “the [Thunderdome] team is starting to dig in and trying to get at efforts surrounding that data pillar,” he said.
“How do we make decisions around data? How do we properly vet data? How do we appropriately tag data? That’s sort of the next frontier for us around that data pillar,” he said.